Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

806b6bdbd0...04.doc

windows7-x64

10

806b6bdbd0...04.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    194s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 08:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc

  • Size

    324KB

  • MD5

    510373e64ab11602490e0e5eb36ef4d1

  • SHA1

    284e402d86e35a510e428bd6dc990e1d6d87a8bc

  • SHA256

    806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204

  • SHA512

    30f536eeccc1200bf69f3adef6214387a17c919f332ca120b56e1d20dfd9e996c4aaa38f4d593ee7d25e05f8add7b17ea02922e3d4ac59403ab1d574c76345ff

  • SSDEEP

    6144:xzAFVteZhTDb2WzbxEvk69q6CC4KEqU/G0VmyhNz+0dfpnXh:CfeqAxEvl9j34KEqcG02sRh

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX payload 29 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Process spawned unexpected child process 11 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 29 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates processes with tasklist 1 TTPs 11 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 40 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 51 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1488
      • C:\Users\Admin\AppData\Local\Temp\4B93.tmp
        C:\Users\Admin\AppData\Local\Temp\4B93.tmp
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1792
        • C:\ProgramData\SxS\rc.exe
          "C:\ProgramData\SxS\rc.exe" 100 1792
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of AdjustPrivilegeToken
          PID:596
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
        2⤵
        • Process spawned unexpected child process
        • Suspicious use of WriteProcessMemory
        PID:316
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          3⤵
          • Enumerates processes with tasklist
          • Suspicious use of AdjustPrivilegeToken
          PID:780
        • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
          "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
          3⤵
          • Loads dropped DLL
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2040
          • C:\Users\Admin\AppData\Local\Temp\94E2.tmp
            C:\Users\Admin\AppData\Local\Temp\94E2.tmp
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1100
            • C:\ProgramData\SxS\rc.exe
              "C:\ProgramData\SxS\rc.exe" 100 1100
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:1532
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
            4⤵
            • Process spawned unexpected child process
            • Suspicious use of WriteProcessMemory
            PID:940
            • C:\Windows\SysWOW64\tasklist.exe
              tasklist
              5⤵
              • Enumerates processes with tasklist
              • Suspicious use of AdjustPrivilegeToken
              PID:1224
            • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
              "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
              5⤵
              • Loads dropped DLL
              • Suspicious behavior: AddClipboardFormatListener
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              PID:1880
              • C:\Users\Admin\AppData\Local\Temp\33CF.tmp
                C:\Users\Admin\AppData\Local\Temp\33CF.tmp
                6⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:1788
              • C:\Windows\SysWOW64\cmd.exe
                cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                6⤵
                • Process spawned unexpected child process
                PID:1104
                • C:\Windows\SysWOW64\tasklist.exe
                  tasklist
                  7⤵
                  • Enumerates processes with tasklist
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1944
                • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                  7⤵
                  • Loads dropped DLL
                  • Suspicious behavior: AddClipboardFormatListener
                  • Suspicious use of SetWindowsHookEx
                  PID:1932
                  • C:\Users\Admin\AppData\Local\Temp\4137.tmp
                    C:\Users\Admin\AppData\Local\Temp\4137.tmp
                    8⤵
                    • Executes dropped EXE
                    • Suspicious use of AdjustPrivilegeToken
                    PID:940
                    • C:\Windows\SysWOW64\msiexec.exe
                      C:\Windows\system32\msiexec.exe 209 940
                      9⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:768
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                    8⤵
                    • Process spawned unexpected child process
                    PID:1584
                    • C:\Windows\SysWOW64\tasklist.exe
                      tasklist
                      9⤵
                      • Enumerates processes with tasklist
                      • Suspicious use of AdjustPrivilegeToken
                      PID:844
                    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                      9⤵
                      • Loads dropped DLL
                      • Suspicious behavior: AddClipboardFormatListener
                      • Suspicious use of SetWindowsHookEx
                      PID:1632
                      • C:\Users\Admin\AppData\Local\Temp\49FD.tmp
                        C:\Users\Admin\AppData\Local\Temp\49FD.tmp
                        10⤵
                        • Executes dropped EXE
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1648
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                        10⤵
                        • Process spawned unexpected child process
                        PID:1636
                        • C:\Windows\SysWOW64\tasklist.exe
                          tasklist
                          11⤵
                          • Enumerates processes with tasklist
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1548
                        • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                          "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                          11⤵
                          • Loads dropped DLL
                          • Suspicious behavior: AddClipboardFormatListener
                          • Suspicious use of SetWindowsHookEx
                          PID:972
                          • C:\Users\Admin\AppData\Local\Temp\B5E9.tmp
                            C:\Users\Admin\AppData\Local\Temp\B5E9.tmp
                            12⤵
                            • Executes dropped EXE
                            • Suspicious use of AdjustPrivilegeToken
                            PID:892
                          • C:\Windows\SysWOW64\cmd.exe
                            cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                            12⤵
                            • Process spawned unexpected child process
                            PID:2092
                            • C:\Windows\SysWOW64\tasklist.exe
                              tasklist
                              13⤵
                              • Enumerates processes with tasklist
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2140
                            • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                              "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                              13⤵
                              • Loads dropped DLL
                              • Suspicious behavior: AddClipboardFormatListener
                              • Suspicious use of SetWindowsHookEx
                              PID:2180
                              • C:\Users\Admin\AppData\Local\Temp\D9CD.tmp
                                C:\Users\Admin\AppData\Local\Temp\D9CD.tmp
                                14⤵
                                • Executes dropped EXE
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2256
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                14⤵
                                • Process spawned unexpected child process
                                PID:2296
                                • C:\Windows\SysWOW64\tasklist.exe
                                  tasklist
                                  15⤵
                                  • Enumerates processes with tasklist
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:2356
                                • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                                  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                  15⤵
                                  • Loads dropped DLL
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2392
                                  • C:\Users\Admin\AppData\Local\Temp\E4F4.tmp
                                    C:\Users\Admin\AppData\Local\Temp\E4F4.tmp
                                    16⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2460
                                  • C:\Windows\SysWOW64\cmd.exe
                                    cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                    16⤵
                                    • Process spawned unexpected child process
                                    PID:2500
                                    • C:\Windows\SysWOW64\tasklist.exe
                                      tasklist
                                      17⤵
                                      • Enumerates processes with tasklist
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2544
                                    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                                      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                      17⤵
                                      • Loads dropped DLL
                                      • Suspicious behavior: AddClipboardFormatListener
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2580
                                      • C:\Users\Admin\AppData\Local\Temp\EDBB.tmp
                                        C:\Users\Admin\AppData\Local\Temp\EDBB.tmp
                                        18⤵
                                        • Executes dropped EXE
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:2652
                                      • C:\Windows\SysWOW64\cmd.exe
                                        cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                        18⤵
                                        • Process spawned unexpected child process
                                        PID:2692
                                        • C:\Windows\SysWOW64\tasklist.exe
                                          tasklist
                                          19⤵
                                          • Enumerates processes with tasklist
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:2728
                                        • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                                          "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                          19⤵
                                          • Loads dropped DLL
                                          • Suspicious behavior: AddClipboardFormatListener
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2772
                                          • C:\Users\Admin\AppData\Local\Temp\F79A.tmp
                                            C:\Users\Admin\AppData\Local\Temp\F79A.tmp
                                            20⤵
                                            • Executes dropped EXE
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:2848
                                          • C:\Windows\SysWOW64\cmd.exe
                                            cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                            20⤵
                                            • Process spawned unexpected child process
                                            PID:2888
                                            • C:\Windows\SysWOW64\tasklist.exe
                                              tasklist
                                              21⤵
                                              • Enumerates processes with tasklist
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2928
                                            • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                                              "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                              21⤵
                                              • Loads dropped DLL
                                              • Suspicious behavior: AddClipboardFormatListener
                                              • Suspicious use of SetWindowsHookEx
                                              PID:2960
                                              • C:\Users\Admin\AppData\Local\Temp\60.tmp
                                                C:\Users\Admin\AppData\Local\Temp\60.tmp
                                                22⤵
                                                • Executes dropped EXE
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3040
                                              • C:\Windows\SysWOW64\cmd.exe
                                                cmd.exe /c tasklist&"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                                22⤵
                                                • Process spawned unexpected child process
                                                PID:780
                                                • C:\Windows\SysWOW64\tasklist.exe
                                                  tasklist
                                                  23⤵
                                                  • Enumerates processes with tasklist
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:892
                                                • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
                                                  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc"
                                                  23⤵
                                                  • Suspicious behavior: AddClipboardFormatListener
                                                  PID:580
    • C:\ProgramData\SxS\rc.exe
      "C:\ProgramData\SxS\rc.exe" 200 0
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe 201 0
        2⤵
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1424
        • C:\Windows\SysWOW64\msiexec.exe
          C:\Windows\system32\msiexec.exe 209 1424
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2032
    • C:\ProgramData\SxS\rc.exe
      "C:\ProgramData\SxS\rc.exe" 200 0
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:1224
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe 201 0
        2⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        PID:1492
        • C:\Windows\SysWOW64\msiexec.exe
          C:\Windows\system32\msiexec.exe 209 1492
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1940

    Network

    • flag-unknown
      DNS
      shanchuan.linkerservices.com
      4137.tmp
      Remote address:
      8.8.8.8:53
      Request
      shanchuan.linkerservices.com
      IN A
      Response
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      4137.tmp
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      4137.tmp
    • 127.0.0.1:12345
      4137.tmp
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 10.127.255.255:53
      dns
      svchost.exe
      1.6kB
       11
    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 127.0.0.1:12345
      svchost.exe
    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 8.8.8.8:53
      shanchuan.linkerservices.com
      dns
      4137.tmp
      74 B
       136 B
       1
      1

      DNS Request

      shanchuan.linkerservices.com

    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      4137.tmp
    • 127.0.0.1:12345
      svchost.exe
    • 127.0.0.1:12345
      svchost.exe

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\SxS\RCDLL.dll
      Filesize

      4KB

      MD5

      a53220cfef72a3dae4ef290790adccc9

      SHA1

      d98ec3a0556a758a8bd806743b44840470062af0

      SHA256

      773a32d2c553b069ec7c49fe5285084de8da72924f4da2a1f789ae4dd8ef6717

      SHA512

      57ff498b6ef22f9bc14a243c8cf00404ed9ecb5853e5953925f717043165529154635b1f135ea7e926f51a3e35fdbfa408c92f111de31395340661a1d6f953aa

      Download Submit

    • C:\ProgramData\SxS\RCDLL.dll
      Filesize

      4KB

      MD5

      a53220cfef72a3dae4ef290790adccc9

      SHA1

      d98ec3a0556a758a8bd806743b44840470062af0

      SHA256

      773a32d2c553b069ec7c49fe5285084de8da72924f4da2a1f789ae4dd8ef6717

      SHA512

      57ff498b6ef22f9bc14a243c8cf00404ed9ecb5853e5953925f717043165529154635b1f135ea7e926f51a3e35fdbfa408c92f111de31395340661a1d6f953aa

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      1KB

      MD5

      4d82cf50aaaa7234e24d61fc3dc0b85e

      SHA1

      7531d0dbaa52e770332ce85d7f9abcb31ec461af

      SHA256

      29454f426fae8b10b9945be4b33eaf68083bef6fa9a8d4d274a980790fb2f898

      SHA512

      a6806eae4e378d7e558bb7fcbc59a8e7d142b5107271726a7d291341993a92c19605c82f13c71d6d093cd44e21e2d66e54081b3eea2eb7020d5b444afa9da6ef

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      1KB

      MD5

      4d82cf50aaaa7234e24d61fc3dc0b85e

      SHA1

      7531d0dbaa52e770332ce85d7f9abcb31ec461af

      SHA256

      29454f426fae8b10b9945be4b33eaf68083bef6fa9a8d4d274a980790fb2f898

      SHA512

      a6806eae4e378d7e558bb7fcbc59a8e7d142b5107271726a7d291341993a92c19605c82f13c71d6d093cd44e21e2d66e54081b3eea2eb7020d5b444afa9da6ef

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      1KB

      MD5

      024b0b0b413d34432d12affa39626c13

      SHA1

      651526ec0d868ade69ee6f3ef73954ed4a8ba78c

      SHA256

      2ba7edbecd7af5006678b1f5dcb0e13e18dd44f6478e01c2cf7a08e7ac521eba

      SHA512

      3c836cedeb748cbafbeec0399a4d44af0ae9c5fb4b85b2cb29084ace27966b0b300915c5cb22ee4ec07d7bc3f80967564abefe7e871cc61811439818b26827a4

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      2KB

      MD5

      ca71b07f924cd8bde35563088d8ed54c

      SHA1

      c68acc7f3b8f39cb6904d944d90dd021784dfccb

      SHA256

      45687c7b4ea1357e76d26367dea523bd2eee15178b7c4376e604042d4976e9c2

      SHA512

      64470b442dedcbc3df3cebd9b4500693da902fa21a12d187e5d768cad7ff498f44be651f4870808e8a5cc05e5db111d1d8a24744da52dbdbb23e0e06fd658337

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      3KB

      MD5

      51b64a353018ca81cc67e5f4f2ace79d

      SHA1

      ee1f3bc5c9fbb4aff44d297e9546299dc7a5fe78

      SHA256

      886c51418f761edf05633189f9d3385a4453494affb3471ba00100444da45eda

      SHA512

      56bd59b8047facb3810af558f5180ac6eb424d8864cfbaf137e70860689f250bde02e775a40e6ff72e4065fd06fff8570a9f99c2ae5fdbdea5143dd391742db2

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      3KB

      MD5

      51b64a353018ca81cc67e5f4f2ace79d

      SHA1

      ee1f3bc5c9fbb4aff44d297e9546299dc7a5fe78

      SHA256

      886c51418f761edf05633189f9d3385a4453494affb3471ba00100444da45eda

      SHA512

      56bd59b8047facb3810af558f5180ac6eb424d8864cfbaf137e70860689f250bde02e775a40e6ff72e4065fd06fff8570a9f99c2ae5fdbdea5143dd391742db2

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      3KB

      MD5

      d338846a77065cc84fed425171e8fbfb

      SHA1

      023fb69f0f7828a71df50e24d162efcc386af4fe

      SHA256

      dfffc4512032f59a0a41c39ee3841b0f36a816bcb5379002d73b3a7a657e8d6c

      SHA512

      a2c29ac98fe14370d39ce958f5c1ae2cfdcb649e530aa5cec03c6d9452c2924be88dd2bd054f88103a8ea4ab582dc0848cde1cffb281d71deb483506dd7ae1df

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      3KB

      MD5

      b5a97c9c922d6cfdd40934373ca6dbbe

      SHA1

      af9a6f4c35195e0bb2f4578ff682e16d07726b3a

      SHA256

      0bcaee6fafee9f41bee7540597509bb0d674b9db7be4fc8cac58604fe7cc2fa8

      SHA512

      f444d89f47a24e8e52299c9de9e113b61793f6e4ad3008be971047e0904921b576f795bfe985979143ae6104f579f38a6c3fee9aaceec2e2b05898605a434bd2

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      3KB

      MD5

      5cc5f855bf5643f425c566f1952eadd3

      SHA1

      ba5958a74ca0568d8612712bef92f9dd62dee102

      SHA256

      3b2775d4e852e4cfb73a95283ea1f78c91074fba086448927e63e46aaf6a5ab0

      SHA512

      3e2ca340a64dd599491c3283080cf2d7d49fe58c369a1117b60932025f5158d04f9e3f737b0546cae8966b8ec1a1f78258edb72d79a52faa1917eb477e6938e0

      Download Submit

    • C:\ProgramData\SxS\bug.log
      Filesize

      460B

      MD5

      c26b456f9f2f379595886b9a2e75ea8f

      SHA1

      ebe5ede6bbb3c988642f031591f0518b64a78243

      SHA256

      5c9e2b67db2f24b933c70ecd1dca209cbd6b0cda667f7799baccfc16a99641ad

      SHA512

      f4d4d98b0c6c77e964b6015c33b43e5fcb40431fae6c8153b37736d5a21c6251868d0e1aeb399e23dd387d3e2f852dcabbde20c98724175bc6023fe1c493829f

      Download Submit

    • C:\ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • C:\ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • C:\ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • C:\ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • C:\ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • C:\ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • C:\ProgramData\SxS\rc.hlp
      Filesize

      167KB

      MD5

      cdaa56c3b2b1c8a496a84be77feff592

      SHA1

      d563a74b0b3ffa7221a24318dc791fe87790569a

      SHA256

      982a0b34f51fc727b4691195de0cfbc774afc65aad559a3ff792a690f9114db5

      SHA512

      52dad0cf8e35d9b8f856058c9a94982d0d2e8f2f4870d4b443051682a2123aff3152eb97f85725282ce74a9178052d9506895b884db55e262bd3c6f548514251

      Download Submit

    • C:\ProgramData\SxS\rc.hlp
      Filesize

      167KB

      MD5

      cdaa56c3b2b1c8a496a84be77feff592

      SHA1

      d563a74b0b3ffa7221a24318dc791fe87790569a

      SHA256

      982a0b34f51fc727b4691195de0cfbc774afc65aad559a3ff792a690f9114db5

      SHA512

      52dad0cf8e35d9b8f856058c9a94982d0d2e8f2f4870d4b443051682a2123aff3152eb97f85725282ce74a9178052d9506895b884db55e262bd3c6f548514251

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\33CF.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\4137.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\49FD.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\4B93.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\4B93.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\94E2.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\94E2.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\B5E9.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\D9CD.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E4F4.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\EDBB.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\F79A.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Word8.0\MSComctlLib.exd
      Filesize

      143KB

      MD5

      eb674b058e6121e2e1199e477e14fc6c

      SHA1

      afc72259bef41f56091d66735066de60a574c1c9

      SHA256

      be1dc865f2a8f0f66286049a6e99365d4a0814cf8629f40d6c48d67ec673a1b0

      SHA512

      a32771cce7f42a5e5c449b098abdc26fefe3bc965e2ecc5ab1b044c2ceda85290fa3760e1f919972be0e93a07fd567c3514f07c0c2bfe09cdbeb0789ab55a9ab

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~$6b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc
      Filesize

      162B

      MD5

      e883a27e1eebbc21fae81e5d0950f355

      SHA1

      f26fdcdf9410a8f6c40a34045778bb2ddb2d6049

      SHA256

      2991db295de564a5112e2fb4d2741e9361ad3e12eaf246f24092f7f9040ef342

      SHA512

      e76968148093642d9c8fef67086c83d98dc0ccdc5bd20d9ac0e0618ffe0975506d15f0d406eb3b27c29de73805e1da0177d417b64bda91d1883c6a7d4891542a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
      Filesize

      36KB

      MD5

      f6399f6ad95330a1e790a56b96984fb3

      SHA1

      551e129bb62c741736984cbec444432fa77a65a2

      SHA256

      37b711569e88ce558bad14116ec77c5910b62dd2152a57d06c268452f15150d6

      SHA512

      06d3ebf00be0196907eb7d3c972a83f0dbf5a400cde13608f7904003dd2c921ceacbd0713f80dca29547157cfc7f2e821ef825a83f720dcafe28a6a0619515e1

      Download Submit

    • \ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • \ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • \ProgramData\SxS\rc.exe
      Filesize

      67KB

      MD5

      3560bc05de9f7ef2df54495a4c6774f8

      SHA1

      7f64b41b320913ecc10bbe251fe1f169c5520d20

      SHA256

      83be17ad26522c9e0e6b28c8638c6548908baeb1e945db77b747ff85e74fea3c

      SHA512

      1ca4533b00800d0c68560983993dfccc600e1405583cb597fbb5c7248f81b6399d9976857a945453e5cf7e2778ae1e3f28c69c6af1d09bf8b7166c71d4b94740

      Download Submit

    • \ProgramData\SxS\rcdll.dll
      Filesize

      4KB

      MD5

      a53220cfef72a3dae4ef290790adccc9

      SHA1

      d98ec3a0556a758a8bd806743b44840470062af0

      SHA256

      773a32d2c553b069ec7c49fe5285084de8da72924f4da2a1f789ae4dd8ef6717

      SHA512

      57ff498b6ef22f9bc14a243c8cf00404ed9ecb5853e5953925f717043165529154635b1f135ea7e926f51a3e35fdbfa408c92f111de31395340661a1d6f953aa

      Download Submit

    • \ProgramData\SxS\rcdll.dll
      Filesize

      4KB

      MD5

      a53220cfef72a3dae4ef290790adccc9

      SHA1

      d98ec3a0556a758a8bd806743b44840470062af0

      SHA256

      773a32d2c553b069ec7c49fe5285084de8da72924f4da2a1f789ae4dd8ef6717

      SHA512

      57ff498b6ef22f9bc14a243c8cf00404ed9ecb5853e5953925f717043165529154635b1f135ea7e926f51a3e35fdbfa408c92f111de31395340661a1d6f953aa

      Download Submit

    • \ProgramData\SxS\rcdll.dll
      Filesize

      4KB

      MD5

      a53220cfef72a3dae4ef290790adccc9

      SHA1

      d98ec3a0556a758a8bd806743b44840470062af0

      SHA256

      773a32d2c553b069ec7c49fe5285084de8da72924f4da2a1f789ae4dd8ef6717

      SHA512

      57ff498b6ef22f9bc14a243c8cf00404ed9ecb5853e5953925f717043165529154635b1f135ea7e926f51a3e35fdbfa408c92f111de31395340661a1d6f953aa

      Download Submit

    • \ProgramData\SxS\rcdll.dll
      Filesize

      4KB

      MD5

      a53220cfef72a3dae4ef290790adccc9

      SHA1

      d98ec3a0556a758a8bd806743b44840470062af0

      SHA256

      773a32d2c553b069ec7c49fe5285084de8da72924f4da2a1f789ae4dd8ef6717

      SHA512

      57ff498b6ef22f9bc14a243c8cf00404ed9ecb5853e5953925f717043165529154635b1f135ea7e926f51a3e35fdbfa408c92f111de31395340661a1d6f953aa

      Download Submit

    • \Users\Admin\AppData\Local\Temp\33CF.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\33CF.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\4137.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\4137.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\49FD.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\49FD.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\4B93.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\4B93.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\60.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\60.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\94E2.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\94E2.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\B5E9.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\B5E9.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\D9CD.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\D9CD.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\E4F4.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\E4F4.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\EDBB.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\EDBB.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\F79A.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • \Users\Admin\AppData\Local\Temp\F79A.tmp
      Filesize

      244KB

      MD5

      10af3275e1c5b6adb1503808f0a6457d

      SHA1

      c6d0cf4613f13a4d745a34abf90443a622c7116b

      SHA256

      405d09df4d7721e534d5f85a08f65d1991734cc102d598f2769a863852606c81

      SHA512

      a28c41175d062344a2b869df65b3e7dbd02cb1d7f1491e489226d7f14dfb431e4948b4ca31c9831f8941853388212c44e52f00a16724cabf4a96bee3be340b37

      Download Submit

    • memory/596-75-0x00000000003A0000-0x00000000004A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/596-79-0x00000000004E0000-0x000000000051C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/596-94-0x00000000004E0000-0x000000000051C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/768-212-0x00000000002C0000-0x00000000002FC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/768-220-0x00000000002C0000-0x00000000002FC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/892-228-0x0000000000360000-0x000000000039C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/940-184-0x0000000000350000-0x000000000038C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/940-215-0x0000000000350000-0x000000000038C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/972-219-0x00000000066E0000-0x00000000066F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/972-216-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/972-199-0x0000000070FB1000-0x0000000070FB4000-memory.dmp

      Filesize

      12KB

      Download

    • memory/972-200-0x00000000722D1000-0x00000000722D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/972-203-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1100-126-0x00000000002C0000-0x00000000002FC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1224-164-0x00000000001A0000-0x00000000001DC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1424-93-0x0000000000250000-0x000000000028C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1424-128-0x0000000000250000-0x000000000028C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1424-84-0x00000000000E0000-0x0000000000109000-memory.dmp

      Filesize

      164KB

      Download

    • memory/1488-60-0x000007FEFB8E1000-0x000007FEFB8E3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1492-214-0x0000000000280000-0x00000000002BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1492-165-0x0000000000280000-0x00000000002BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1532-185-0x0000000000480000-0x00000000004BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1532-127-0x0000000000480000-0x00000000004BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1620-88-0x0000000000310000-0x000000000034C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1632-188-0x0000000006440000-0x000000000659C000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1632-181-0x0000000072231000-0x0000000072234000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1632-182-0x000000006FCB1000-0x000000006FCB3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1632-187-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1648-195-0x0000000000370000-0x00000000003AC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1772-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1772-57-0x0000000075291000-0x0000000075293000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1772-61-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1772-77-0x00000000065B0000-0x00000000065C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1772-58-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1772-55-0x000000006FCB1000-0x000000006FCB3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1772-54-0x0000000072231000-0x0000000072234000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1788-145-0x00000000002C0000-0x00000000002FC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1792-78-0x0000000000350000-0x000000000038C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1792-66-0x0000000000220000-0x000000000024A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/1880-138-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1880-134-0x0000000072231000-0x0000000072234000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1880-148-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1880-147-0x00000000063D0000-0x00000000063E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1880-135-0x000000006FCB1000-0x000000006FCB3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1932-163-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1932-152-0x00000000722D1000-0x00000000722D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1932-151-0x0000000070FB1000-0x0000000070FB4000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1940-213-0x0000000000350000-0x000000000038C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1940-221-0x0000000000350000-0x000000000038C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2032-130-0x00000000002A0000-0x00000000002DC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2032-111-0x00000000002A0000-0x00000000002DC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2040-97-0x00000000722D1000-0x00000000722D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2040-98-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2040-96-0x0000000070FB1000-0x0000000070FB4000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2040-114-0x0000000006410000-0x0000000006420000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2040-125-0x000000006A9A1000-0x000000006A9A3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2040-129-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2040-101-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2180-233-0x000000006FCB1000-0x000000006FCB3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2180-232-0x0000000072231000-0x0000000072234000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2180-237-0x00000000065F0000-0x000000000674C000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2180-236-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2256-244-0x0000000000340000-0x000000000037C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2392-262-0x0000000006570000-0x0000000006580000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-253-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2460-260-0x0000000000340000-0x000000000037C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2580-269-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2652-276-0x0000000000480000-0x00000000004BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2772-293-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2772-283-0x00000000732BD000-0x00000000732C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2848-291-0x00000000003A0000-0x00000000003DC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2960-302-0x0000000070C9D000-0x0000000070CA8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/3040-308-0x00000000005B0000-0x00000000005EC000-memory.dmp

      Filesize

      240KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.