Overview

overview

9

Static

static

9

Vape Launcher.exe

windows10-1703-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/09/2024, 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vape Launcher.exe

  • Size

    60.3MB

  • MD5

    73ea53e2da8be95a006d7ba6dd4f0534

  • SHA1

    880809840d5a6744943e768d8ac021e28dcf8e15

  • SHA256

    319a145536f32881604eaf8ed2a20de6d2f496ff5229d9ad92eafc64314acf64

  • SHA512

    65c36fe3e1fc6d0d4a5ba52812d8c6fa74207dc25adab4f321c916cc777ce5fc17d9c12277d273981f8e0642d7054b677a5dbd9467cb4f54a431dc57c74500f3

  • SSDEEP

    1572864:i99RQ4pTVQR8lN2S0qicZIYbXJ++ZdNeEcFBqUFmg:itPxmRevM3EGsU0g

Score
9/10

Malware Config

Signatures

  • Detected Nirsoft tools 1 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Vape Launcher.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2840
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4636
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.0.1832196360\526011161" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff286626-a433-4efa-93d5-3170c26fe4c5} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 1796 1e6f9ed7b58 gpu
        3⤵
          PID:380
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.1.651470953\1552458582" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f7ee5b8-0213-48dc-915e-3fda953b5c94} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 2152 1e6f9bfb258 socket
          3⤵
            PID:764
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.2.1986161304\507421517" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2892 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {452d77dd-c15f-4bdb-96d2-81d42324b51e} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 3060 1e6fdfc7858 tab
            3⤵
              PID:4176
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.3.187244050\852287520" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3452 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f47f1b4-894f-423f-a53b-05038018d77e} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 3476 1e6eed62858 tab
              3⤵
                PID:3632
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.4.2012218760\1544615076" -childID 3 -isForBrowser -prefsHandle 1616 -prefMapHandle 4000 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5a7bea3-d8ad-4b69-b6de-3d158906122a} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 4012 1e6fefed358 tab
                3⤵
                  PID:4296
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.5.29888619\1807328338" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8111fc27-05d8-452b-95c2-b14778d239b2} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 4876 1e6eed61058 tab
                  3⤵
                    PID:2516
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.6.1948786165\145742025" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be8d9ff4-cd50-4365-aaa1-1aacfbd41fff} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 5000 1e6fdf45e58 tab
                    3⤵
                      PID:4996
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.7.41084210\1157171971" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b17d69f-3587-47b7-9aef-b952c07e32ae} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 5200 1e70126c258 tab
                      3⤵
                        PID:2012
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4636.8.1252104832\1881661651" -childID 7 -isForBrowser -prefsHandle 4552 -prefMapHandle 4580 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c8691ce-a88d-45ee-a2e2-cf462b5192e0} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" 4156 1e6fc519058 tab
                        3⤵
                          PID:2648

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      31feb5a6102a2ab4cac59b9b7836f42e

                      SHA1

                      5b31c02e9110de7b20c712fb5ebc243372244fe7

                      SHA256

                      89fd071d6c8d7e8a715fc9df4714764412a85fed531cd1c1804f4320d75b890f

                      SHA512

                      62a834797ccb6b2f22caab8b2736002e936479c481bfaea24ff9037a3de62c3aae9a280cf53f0d08f24eb46f7ac13da38320dc5669b6f367f6197c1ab380b3c1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0878c571-bf45-4807-ae6d-42af89cd0810
                      Filesize

                      10KB

                      MD5

                      f03b1a59b1427edee638465619fb5302

                      SHA1

                      81d9a3f5e48e280ecb5ff0ef1b1f8a0be1ebda0d

                      SHA256

                      e653cb4f8fab0da99bb01affd5d3447e9280eb4a60924bc75c718ae249f11bc8

                      SHA512

                      c936eb518701021b233ac80c35d1f53db5d52ca5bb1de5c1a494f28f237df93e0fb9d1c556d011150cb02d49e4c3f119d3899fd336af62bf20a06be75bc18bba

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\1fd2019b-0a59-4b39-94bd-53fe16617d1c
                      Filesize

                      746B

                      MD5

                      782dcb114dc9b8ca2621c65634d7e275

                      SHA1

                      c7ea103df78b571b33c235aa0bd67fd5f44b56cb

                      SHA256

                      4796235e5ff24e5cd545c63b0710cea04cf6d8630697509f60111df166409963

                      SHA512

                      07f24c5c60d8d222299cc1b6ce51bcc77d679bfa24b598422729a11d06e74a2dc5b78d2027f648bbf529efdbd191484d520f37e596dd7ede8b626f96670bd008

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      a66769d552c98e48d79b4af50257da23

                      SHA1

                      0fcb3d328f244fa5155d7d423cfebb383970af3c

                      SHA256

                      c59075606c9f17f53df0b25f35a6e206f1a64263964b601fdf36658cb45457b2

                      SHA512

                      2c577ff58da65932aa4bf9bb1c49da01aed1fcf546cb74c782248fe22208bee0892bd60f97c409457d3e4602d6bb79826d5613b3fff7ef469909e74af1d9f7cc

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      62a166d1d6de61e9ccb19d89631c5bbe

                      SHA1

                      3844378771e50b5cffb2f4b14075a830b5067a67

                      SHA256

                      e6a2eedb7958dd70e0b3ec18fee0efecba71af5d94428c01a419ef3ca0c631a9

                      SHA512

                      a99a5601fdeca5d7c88c282cd4cc1357d0affee522f45bdcfe825e02f40cc918bb4119cbaf878755ae7fc512e510f32b5a7e4deaf5df6be24aa60e38cd1046f5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      c883949c46abfee451d171880e478c51

                      SHA1

                      817e8540764bc23b0419b01c979c47989b17d0bd

                      SHA256

                      162cb20d71071ca4651746ac88d7b926f5a8f86ac42a593e5c069051243c81bb

                      SHA512

                      4159d87577cee7dcddbd5f32726b542f08552a9745caafc5155e7b22d7dcbfa83c013bbbfe2a1cec016fac3775aedfc782c6ae875cd45e2c1f7f764041c57f49

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      07bc46f12fb951bda7140a6f7c458d5c

                      SHA1

                      46f44e809e850cba55c2dfb9e2e4ba07029e6908

                      SHA256

                      935d32e175c595c13b4e34314af5f1fd540d68f743307ddc5a41b53e19f258b1

                      SHA512

                      12eff13983f21b4f3770e8dfe5a2c6f6b2aa91b49d45302eb9b380df445c9befb918cb2769def5cffcdeba0bea1f71c630a5f9174dc08f0577dbdfb6b5e87985

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      d9b2b6d4bbe52e9efea555e8ebe0b191

                      SHA1

                      c61024202a230f8a7f9d197056fbb7c337936d96

                      SHA256

                      a95c03bdbce0bb62dee7ef1aa2934a9f9267ac797472b017602a26fe1c58f446

                      SHA512

                      dc06f115248dee57f82d166d203f5a755fcc3553b77353e4accbfc298c1bbf86a45995f173da5253be26106ee16ca80a3d86af83cb5d71d8ade39c09ca3287df

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      e7d901ad03d22078f4c42ecc83c3bd45

                      SHA1

                      13ffe2ced2026e6b99c39a96d006c7832a72ba17

                      SHA256

                      fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

                      SHA512

                      8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

                      Download Submit

                    • memory/2840-12-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download

                    • memory/2840-6-0x00000183792D0000-0x00000183792D6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2840-4-0x0000018378880000-0x00000183788B2000-memory.dmp

                      Filesize

                      200KB

                      Download

                    • memory/2840-5-0x00000183792B0000-0x00000183792CC000-memory.dmp

                      Filesize

                      112KB

                      Download

                    • memory/2840-2-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download

                    • memory/2840-13-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download

                    • memory/2840-0-0x00007FFA5EE13000-0x00007FFA5EE14000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2840-3-0x0000018379310000-0x0000018379486000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/2840-1-0x0000018372F40000-0x0000018376B9A000-memory.dmp

                      Filesize

                      60.4MB

                      Download

                    • memory/2840-11-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download

                    • memory/2840-10-0x00007FFA5EE13000-0x00007FFA5EE14000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2840-9-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download

                    • memory/2840-8-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download

                    • memory/2840-7-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

                      Filesize

                      9.9MB

                      Download