Analysis

  • max time kernel
    731s
  • max time network
    736s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 09:33

General

  • Target

    My Logo.txt

  • Size

    1KB

  • MD5

    0c216c2df683ad0345ceaef4cf6d6d66

  • SHA1

    2066c54d1e540ce6806a514879b4cc4bf80a5df8

  • SHA256

    10a061a1867948f546fcca7d5acb9980dfa18b7c003504d97f35ba90a05de14b

  • SHA512

    164a579bab5759c0ac5b17035f2555902295a57454bb30dd375230a8f8e4fcbe3990a0c1475f048be4f2ef5aae69aa8a6432f81c11c9d601f9dfbba56f4875b8

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 4 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 41 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • Themida packer 12 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Checks system information in the registry 2 TTPs 22 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 20 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\My Logo.txt"
    1⤵
      PID:3848
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc78ee9758,0x7ffc78ee9768,0x7ffc78ee9778
        2⤵
          PID:1328
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:2
          2⤵
            PID:1504
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
            2⤵
              PID:1768
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
              2⤵
                PID:2116
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                2⤵
                  PID:4648
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                  2⤵
                    PID:4076
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                    2⤵
                      PID:5396
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                      2⤵
                        PID:5536
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                        2⤵
                          PID:5544
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                          2⤵
                            PID:5680
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                            2⤵
                              PID:5760
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4812 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                              2⤵
                                PID:5928
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4924 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                2⤵
                                  PID:5964
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                  2⤵
                                    PID:5284
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                    2⤵
                                      PID:5548
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                      2⤵
                                        PID:5484
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3108 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                        2⤵
                                          PID:5152
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5880 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                          2⤵
                                            PID:5556
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4900 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                            2⤵
                                              PID:5808
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5620 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                              2⤵
                                                PID:5904
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5628 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                2⤵
                                                  PID:5736
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6072 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                  2⤵
                                                    PID:4644
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                                    2⤵
                                                      PID:5764
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                                      2⤵
                                                        PID:5796
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6084 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                        2⤵
                                                          PID:5520
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6436 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                          2⤵
                                                            PID:5776
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6384 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                            2⤵
                                                              PID:5432
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7172 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                                              2⤵
                                                                PID:2364
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6276 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                2⤵
                                                                  PID:2772
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6260 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:6228
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6324 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:6236
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1996 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:6244
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1800 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:6252
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7416 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:6260
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6824 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:6268
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8004 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:6296
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8148 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:6304
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8528 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6896
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8648 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6904
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8040 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                      2⤵
                                                                                        PID:7160
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8816 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6224
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9164 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:6220
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9304 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:6872
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9460 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6876
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9472 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:6556
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9748 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:6860
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9892 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:3192
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9920 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:2664
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10180 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:5412
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10184 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:1472
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10472 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:2228
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10480 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:6912
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10756 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:6940
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10904 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:5796
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10932 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:5508
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11204 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:368
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11228 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:7148
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6316 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:8676
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6700 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:8776
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12012 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:8880
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10044 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:8888
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12316 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:9064
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12328 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:9120
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11544 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:8432
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11772 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:8556
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12572 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:8564
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=12720 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:5504
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12740 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5532
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12948 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:8848
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=13236 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:9084
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=13256 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:9104
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4532 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:2
                                                                                                                                                      2⤵
                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                      PID:7420
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                                                                                                                                      2⤵
                                                                                                                                                        PID:7640
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:8
                                                                                                                                                        2⤵
                                                                                                                                                          PID:8896
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                                        1⤵
                                                                                                                                                          PID:5196
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1332 --field-trial-handle=2260,i,11662483365823245381,11064702639240765741,262144 --variations-seed-version /prefetch:8
                                                                                                                                                          1⤵
                                                                                                                                                            PID:6880
                                                                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                            1⤵
                                                                                                                                                              PID:9744
                                                                                                                                                            • C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                              "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap26024:76:7zEvent16998
                                                                                                                                                              1⤵
                                                                                                                                                                PID:10192
                                                                                                                                                              • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                1⤵
                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                PID:5976
                                                                                                                                                              • C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap30084:76:7zEvent5947
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:180
                                                                                                                                                                • C:\Users\Admin\Desktop\WaveTrial\Wave.exe
                                                                                                                                                                  "C:\Users\Admin\Desktop\WaveTrial\Wave.exe"
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  PID:6700
                                                                                                                                                                • C:\Users\Admin\Desktop\WaveTrial\Injector.exe
                                                                                                                                                                  "C:\Users\Admin\Desktop\WaveTrial\Injector.exe"
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Checks whether UAC is enabled
                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                  PID:6732
                                                                                                                                                                • C:\Users\Admin\Desktop\WaveTrial\Injector.exe
                                                                                                                                                                  "C:\Users\Admin\Desktop\WaveTrial\Injector.exe"
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Checks whether UAC is enabled
                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                  PID:7804
                                                                                                                                                                • C:\Users\Admin\Desktop\WaveTrial\Wave.exe
                                                                                                                                                                  "C:\Users\Admin\Desktop\WaveTrial\Wave.exe"
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  PID:9520
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                                                                  PID:7284
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc78ee9758,0x7ffc78ee9768,0x7ffc78ee9778
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:8712
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:2
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:9580
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:6556
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:6140
                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:1
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:5080
                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:1
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:4440
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:1
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:7592
                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:9668
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:9644
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:8196
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:7368
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3944 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:1
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:7828
                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2932 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:1
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:8388
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:1
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:9192
                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:9980
                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:1052
                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:8744
                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4672 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:8700
                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:8360
                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:7984
                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1684 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                              PID:7936
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:8
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:4524
                                                                                                                                                                                                              • C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
                                                                                                                                                                                                                "C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                PID:7068
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Drops file in Program Files directory
                                                                                                                                                                                                                  PID:3296
                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                    • Sets file execution options in registry
                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                                    • Checks system information in the registry
                                                                                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                    PID:7504
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                      PID:5324
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                      PID:8476
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                        • Registers COM server for autorun
                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                        PID:5628
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                        • Registers COM server for autorun
                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                        PID:7960
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                        • Registers COM server for autorun
                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                        PID:6084
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDNDREMzA3NC00NUVDLTQ3MTMtQjkyMy02MTI2RkVENjVFNjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMjEiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Nzk5ODkxMjk5IiBpbnN0YWxsX3RpbWVfbXM9Ijk5MSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                      • Checks system information in the registry
                                                                                                                                                                                                                      PID:5180
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4FA0E7BA-1077-4129-B40B-C6223F62D746}" /silent
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                      PID:5340
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" --app -channel production
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                  • Suspicious use of UnmapMainImage
                                                                                                                                                                                                                  PID:5728
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:6112
                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                • Loads dropped DLL
                                                                                                                                                                                                                • Checks system information in the registry
                                                                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                                                                • Modifies data under HKEY_USERS
                                                                                                                                                                                                                PID:9224
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4MjcyOTZEQi05MzJCLTQ4NzMtODBEMS01Q0YyQ0M5QzVGODB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODE1NDIxMjk0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                  • Checks system information in the registry
                                                                                                                                                                                                                  PID:8224
                                                                                                                                                                                                                • C:\Windows\SysWOW64\wermgr.exe
                                                                                                                                                                                                                  "C:\Windows\system32\wermgr.exe" "-outproc" "0" "9224" "1144" "1092" "1148" "0" "0" "0" "0" "0" "0" "0" "0"
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                  PID:5260
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQURCMTc1Mi03QzA5LTQ3RUQtOTUwQi03MUNFMUIwMjBGMDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEyMi4wLjIzNjUuOTIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzEwODk3MzMwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg0MTE1MTIzNCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                  • Checks system information in the registry
                                                                                                                                                                                                                  PID:7984
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\MicrosoftEdge_X64_123.0.2420.81.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  PID:6132
                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe
                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                                                                                                    PID:9092
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff65fc5baf8,0x7ff65fc5bb04,0x7ff65fc5bb10
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • Drops file in Program Files directory
                                                                                                                                                                                                                      PID:9008
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2MzQzQUEzMi1CQzQ4LTRCMDAtOEExOS04QjMxNDlGODU0ODJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NTI3MDExOTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODUyOTkxNDk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODExNDM4MTE4OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMyNjA0MDQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9T1YlMmZIajNoMjNUWXBRa0RIZ1plZjJiMUN6cVNPaTV3WWZoS2h3Qm1JU3lrVUs4U0luREhnRk9FbjRKcFNVZnFtdUFnWkU2cU1NMVZza2FlNzU2dWUlMmJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBkb3dubG9hZF90aW1lX21zPSIxNzY1MyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxMTQ1MzA4OTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTM2NjcwNjY5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzQ4ODIxMjk3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzYxIiBkb3dubG9hZF90aW1lX21zPSIyNjEyMiIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTE4MCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                  • Checks system information in the registry
                                                                                                                                                                                                                  PID:5520
                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3620 --field-trial-handle=2260,i,11662483365823245381,11064702639240765741,262144 --variations-seed-version /prefetch:8
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:6260
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                  • Checks system information in the registry
                                                                                                                                                                                                                  PID:5744
                                                                                                                                                                                                                • C:\Users\Admin\Desktop\WaveTrial\Wave.exe
                                                                                                                                                                                                                  "C:\Users\Admin\Desktop\WaveTrial\Wave.exe"
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                  • Modifies registry class
                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                  PID:5688
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe
                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --field-trial-handle=2072,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:2 --host-process-id=5688
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                                    PID:9892
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\WaveTrial\dist\node.exe
                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\WaveTrial\dist\node.exe" server
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    PID:9992
                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave-luau.exe
                                                                                                                                                                                                                      C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave-luau.exe lsp --definitions=C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\globalTypes.d.luau --definitions=C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave.d.luau --docs=C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\en-us.json
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      PID:7236
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe
                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --field-trial-handle=2764,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:3 --host-process-id=5688
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                                    PID:9228
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe
                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --field-trial-handle=3888,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8 --host-process-id=5688
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                                    PID:10060
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe
                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3968,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3964 --host-process-id=5688 /prefetch:1
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    PID:3508
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe
                                                                                                                                                                                                                    "C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3972,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3928 --host-process-id=5688 /prefetch:1
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                                    PID:6164
                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Checks system information in the registry
                                                                                                                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                                                                                                                  PID:9116
                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23429EC6-2D5B-493F-A6EE-937E6290B76D}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23429EC6-2D5B-493F-A6EE-937E6290B76D}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{C0DEBB71-A45D-467D-89F6-D9A101BFE56A}"
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                                                                                                    PID:5608
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{C0DEBB71-A45D-467D-89F6-D9A101BFE56A}"
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Sets file execution options in registry
                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                      • Checks system information in the registry
                                                                                                                                                                                                                      PID:9200
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        PID:3652
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                        PID:5572
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                          • Registers COM server for autorun
                                                                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                                                                          PID:9800
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                          • Registers COM server for autorun
                                                                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                                                                          PID:8556
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                          • Registers COM server for autorun
                                                                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                                                                          PID:9716
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzBERUJCNzEtQTQ1RC00NjdELTg5RjYtRDlBMTAxQkZFNTZBfSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MTBFQzI5OUEtNkQ0OS00Qjg4LUFFQTMtMzFFQUFDMTQ0RTQwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTA4OTczMzAiIGNvaG9ydD0icnJmQDAuMDUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNTQ5NTAwNDg1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                                                                                        PID:1864
                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzBERUJCNzEtQTQ1RC00NjdELTg5RjYtRDlBMTAxQkZFNTZBfSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszMUUyQTNFNi04NTNCLTRDODgtQUIwNS0yNjExQ0Q0MTY0NjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjAiIGNvaG9ydD0icnJmQDAuMDUiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMjQzNjMyNzgwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMjQzNzg5MDgyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ5MjE0MjQyMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzMjYwNzQzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVJLSFFHN3VPN0IzblFwJTJiJTJibjFQQ0c4YmhwWDRFUzI0dGRpc2p2dGtLeTRpRUhDaGlRdVRuUFg2UDdyRUVHaDE4Mm1pMFlzMU1WTlFMb1NOQzVKZVRJQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDkyMTYxOTkxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_UDE9MTcxMzI2MDc0MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1SS0hRRzd1TzdCM25RcCUyYiUyYm4xUENHOGJocFg0RVMyNHRkaXNqdnRrS3k0aUVIQ2hpUXVUblBYNlA3ckVFR2gxODJtaTBZczFNVk5RTG9TTkM1SmVUSUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjMwNzkyIiB0b3RhbD0iMTYzMDc5MiIgZG93bmxvYWRfdGltZV9tcz0iMTkzOTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0OTIxODE4MTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0OTg4MTIwOTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSIyMCIgcmQ9IjYyODciIHBpbmdfZnJlc2huZXNzPSJ7RkQ0NzhFMTItMTcxMC00NTMxLTlFMTYtODJGMUQzMzJDNzlFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMjIuMC4yMzY1LjkyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjIwIiBvb2JlX2luc3RhbGxfdGltZT0iMTg0NDY3NDQwNzM3MDk1NTE2MDYiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTUzNDk4MTM4NzI3NjMwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9IjIwIiBhZD0iLTEiIHJkPSI2Mjg3IiBwaW5nX2ZyZXNobmVzcz0iezE4MDUwQTQyLTgwMTctNDlGOS1BRUNELUU4NUZDQUUyODhCNX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzA3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7QkY5RUIyQkMtQTEwOS00NThELTlCNkQtMzFBOEM5RjYzODIwfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Checks system information in the registry
                                                                                                                                                                                                                    PID:528

                                                                                                                                                                                                                Network

                                                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                                                      Downloads

                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Installer\setup.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6.8MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        149e6b831dee17cc2122c64124654b5a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c4f67f0781345cfc6fdfc5670dcbecf3848afee2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085

                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        164.1MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        cf5144a59c3b26558c05a5226c4b53fe

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        bcf541fbd1bf0168a2d63ead5b06d8918b89b296

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        2d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34

                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.6MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b18c705b3c68cc49d9bf3649abc75c24

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6dc8963dea0f3185368790dee2a346301b4fa24c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        201KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                                                                                                                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        171KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        20d700ec226e570c89f35a81914eb2f2

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e93cff71921bf758f468766ff1572dfeb6d331a1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        91be707cbbbd3b7285088e6ca3343f854c86cfeff3ea8c00626d1e48d9f41d46

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        3fc4e66c8b5029b812877ca3deb2ef0b8409177051633315b4b6f3531645eaad955a989f5035709e6d2d76b891b0038c6090a5cd0e797d3ead81f57654b8c0d4

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        120B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        636492f4af87f25c20bd34a731007d86

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        22a5c237a739ab0df4ff87c9e3d79dbe0c89b56a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        22a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        20KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4f8f43c5d5c2895640ed4fdca39737d5

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        fb46095bdfcab74d61e1171632c25f783ef495fa

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\[email protected]

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        71KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        3fec0191b36b9d9448a73ff1a937a1f7

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        bee7d28204245e3088689ac08da18b43eae531ba

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        247B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        81ce54dfd6605840a1bd2f9b0b3f807d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\corrodedmetal\normaldetail.dds

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        176B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        f527b5859d7ca6c080ba954f3013883f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3d00b598b1fb762ae0921bcc49ca189f05f417d2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ff11c95774ee0405666fa313f1e53ebb46b1352bfff3456ac2b2caccdab07b4d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e908a29c4316a15f5c16a005c69b402e0525b80e0c3284d6f19074ab8b05d62d079ecf43974b223a68d7c56cbf1789df69ab260553de1aab0edfbdad5e6d654d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\configs\DateTimeLocaleConfigs\zh-hans.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        fb6605abd624d1923aef5f2122b5ae58

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6e98c0a31fa39c781df33628b55568e095be7d71

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\configs\DateTimeLocaleConfigs\zh-tw.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        702c9879f2289959ceaa91d3045f28aa

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        775072f139acc8eafb219af355f60b2f57094276

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\sounds\ouch.ogg

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9404c52d6f311da02d65d4320bfebb59

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0b5b5c2e7c631894953d5828fec06bdf6adba55f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\Cursors\KeyboardMouse\IBeamCursor.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        292B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        464c4983fa06ad6cf235ec6793de5f83

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8afeb666c8aee7290ab587a2bfb29fc3551669e8

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\Clear.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        538B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        fa8eaf9266c707e151bb20281b3c0988

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3ca097ad4cd097745d33d386cc2d626ece8cb969

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        130B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        521fb651c83453bf42d7432896040e5e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\checkbox_square.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        985B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2cb16991a26dc803f43963bdc7571e3f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        12ad66a51b60eeaed199bc521800f7c763a3bc7b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\Thumbstick1.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        641B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        2cbe38df9a03133ddf11a940c09b49cd

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6fb5c191ed8ce9495c66b90aaf53662bfe199846

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        e8c88cf5c5ef7ae5ddee2d0e8376b32f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        77f2a5b11436d247d1acc3bac8edffc99c496839

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        499333dae156bb4c9e9309a4842be4c8

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d18c4c36bdb297208589dc93715560acaf761c3a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\Thumbstick2.png

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        738B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a402aacac8be906bcc07d50669d32061

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        9d75c1afbe9fc482983978cae4c553aa32625640

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        83e9b7823c0a5c4c67a603a734233dec

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        2eaf04ad636bf71afdf73b004d17d366ac6d333e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        55b64987636b9740ab1de7debd1f0b2f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        96f67222ce7d7748ec968e95a2f6495860f9d9c9

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        738B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        8c14f001ae6d75f4e8fd6cb3a992c864

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        ec775ba263ef2fd1d6f8cc48073b32d7f86fc7c4

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9324617545220e057096555fdeed9569623f01bbcd7375b349126ce7e353d5d0

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        498e8a5f1019a3500997ec08f80045cf0229a58e6f21e3eb2d581520eaef32d7a3906d7f1a9afb2c609920b3ec8cec87b63ea7905dac92a627725b0a2c6e714d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe626d6a.TMP

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        529B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        7020b0b40d930440124a510da5e871a3

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        af3b284541e4a518dc02f093cb2528b6c2294b0f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a6fab16fbbd35ab419c57bf0c91f989cc75c3b80ae10b551bd4eb5e18cf313c2

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c0cec0e9b261287e4895c43588e1de8267beeaee7c81664a135508f4314312e7dde6efcf25e0ae07293d28f4d8ba7e1855ab7d8c669d1504429c86a705b674ec

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        40B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4a0b907083f8afcc81fd894fb6c45d01

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        7161d696223d3373ccce860cf81249d7f738a02f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        87b0af1a5d48c9852603c2cd73097e27beb903aca92354231262ceba0e276e4c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        9a917882b29ac03f6af556b1c4cfb99b5e8260a4bf9a179b91cb1a1ddf47c1cd5543b8d7f008d955320e567dd4fc0236e187717d4bda748289700b3fe920aca4

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        54KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        bcd140792a4934762c6034da0680b73d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        ea77262e2b72fda3409ee848f7fb6e24fa66cdda

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9308d28bfcf063742f96461076daae95c2b44b71b8ca7a13658ed3d562f9a68c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b112b8975c17c0d49da6a48af80a066e478814a81ba72925be7b136e0ae27cf74962e8d4252d6d6cb79ae53569c4947830e4e599c78151516f247e553f08fce5

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        28KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a69ba5fb68ab609d80c17365000b58f0

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e71bd892f128aeedffdd9671bc765458a4a023ba

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        2bcfff5006b95192b71075f6512b65b2203a31755fe0bb47226c77d328e83822

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        df0eb52c9383736e855adbdacf4b8690087800714f5248549d5fbe822086df42fb5274eca20705a005469fb822faff2a69beff6edeb3383e2f6f4f2d09fd84ad

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0fce6ca8f2eba679_0

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        269B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0e5e6cc1adff0e515e4216b123b83ea3

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        06dffac52fa64d4d2137f07e33e29beef2605cf2

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a875e0299514256674144825ba6568cf0e6c33e07699dcf46bf2068cd55e9f7c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        657a0773cdb7d19c5b748d8c167fc7b5dd1ae443f319db3d2e9dff65884c42926e7986adcd1b64e1e324a6e20d6988c3fd82eab0caeeb3ee180ba15ece20e80d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ab2f98e764cc5113_0

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        268KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6e8f28fc54136581c468d5cf21f86f5a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0958ca0c58eb02cc2a9e31a1e8e5f4ae9b1a184f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1eea77484f82a1139ae191163394332d581993391ccee060f794c5c665507169

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4648d778202bf09741247dff54d8a20e20373b10eaca1b50361b4e841e512d05fd161d22b24b1e2a28cde5ef64a436a7d8d71701f788300cbb5454c5301e709b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4cdd4a181b53a940bbc4010725015803

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        e8d0ec0ff880e75a50140f4d734ddf7fb52c8ae0

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1a69021ba5311861bcd8644a9769ce877e95b7d0708f27cd1d513b464fd8bc88

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bd2681fc43b80199850fc56ee19ad02df68a1007cc2cfa719cf675aca6b9bc13c4e501f6566fd6cc0bf86c34831dc931e7a33069851b70fc07600db028e38790

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        80cead4630578b8adc83bc84242a0c1c

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        4c0d49dd4dfbc7c8895fc85fc058be4aec38eede

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        60a7d82f974fa516f436355ed86d30c8d2b17a9c36cadacf41a4b019642904d0

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        fa327faff0c457d906336308c35e1b73951bbc75c1a8286d6eea40b4b5d5c112bcf0dd4253ebfe638552bf212f6a82a63d9c3468e0ea5d64766f0b5b231b00b0

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        88b15224dd0d140c9d286453502bf577

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        533fd7ff1a9e5e2b7f0ef0ccd01233ee3688832b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        68ab8f8929b398f1b752f7c7f3d7174296bf393fa93cd67a102b8c52861a0b65

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        11a5309a57b277b2bbefd430fea2431394044115a0ea5b5cd80b2565cc061218812024fa65811dbc805480440170aada9524ae63071c2b849889d0c2f84bd993

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        264KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0d1ef1a456c19b5ac467dc0b70eb3c9f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3bfa4e2bee37aeb630078d9f35fc16a4b73e726e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6477d6dc60e39102136451e5d1df55593b32618bc393d20b69d48cb04b2862df

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4b11e8b411fb3937c52aa4838669927325d696efd541e6789371f663813a36a77e83810e60ddc27f879e20535a8fc818f4550cf48ac9349074131a77e0263cd4

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        16B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        23B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        3fd11ff447c1ee23538dc4d9724427a3

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        19KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        eea4a187307ef7a438def5f1599de448

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        cf284b3a0c1aae2dc3483661dcf6d7613a61b623

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        68ed2521105cc68350d2a21b75a28fc668a24ec5fa82545b3212611b47deb088

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        7d757b9f507c8bb3f4f70be2f06a5648c3cf5acbacaceb2e09d021c895de10fa0b629103089213993532fcb22338bd57f2dfc331ba8544b28ebd01c574e177ce

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        22KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5b084bbc9fb1dd91c7d5ec974a9b2b3c

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        feda04d62faef1eb579c214f3e9d18bd2a9a506d

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e3246a6ef6e1447bb4e0ab1aa2bc2533b1880be45f5694211b010dc5d3ee6b5d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bf68f2ae24c1c3c3b69ca2611fefedfcc31f058cfdf4172c83d375075c00c26564942c7dac22230b48b24abbc30d826acae830ea4bf86e1e7cb41905e44a89d7

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        24KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        134212f879ae929df9273637187a40d3

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3cb645a174aca9066860edcf7b6ba7b9731078c5

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5ec2061d0756deb693529117dd96c61939814460b12d8c57e1d3728bac225f8c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        131a179b5d5d21543fdde1ad457b26fc86b744137e46295794ac82b4b5d7581f1789ae6d863f745fbfd531e2d1ca98f3df4414d74a049d6eb57b9e69ab5c78c1

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        371B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9570f18ba9d6fe0627bc50409eea5621

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        b87456d4a4922da5d7660e84cc2df8428c850194

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8ac0c1512deffe41af8e70524493d6b7dddf9a7dde73c83fb849beb7f8149e30

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4de22aa3197ccd20eb0517d6c184bc0f5fd501cf0e6e9686225091252c299212c06cd82e11ce568d23b017906a90b1f0b27c0c8438e51c6169af455803d83e2a

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c1b8e0019bb28db7053d182e9b493cbd

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        830e9501d5487f9881d383ae72124b76d27c4375

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1e1c919d9aba6315b2643ecb008513a5c22cac4d1407520c54e72e741df3e47b

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        cf30ddb28ae9c63b456848caab47ddf4f8cd23070e74b440e1b4f8fdf54203764ea620731bbc59216f6048551b12dd1bd2fe2d3d2779a296f20b9fb3c389bd8c

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        15e4ca97f07e057b1111f2bd65cb860d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8b0272a3c5bba6b31247d5959fa048c664937119

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        11a108932ddd8ff830a71d5f9574613964a54ce19f8b0bfca75231652a56fb00

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        989a9f9892079341326886a4d323fa93e7f9e4201b2b0f92591a41c569d0d17040e022156d6cf16101a358823b0a539c91661e508c2e1505ff9d310115e4d1a2

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        5d4ebf0d6e67812e9587618c4df1974f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        bdcf712da82af46c4445f5ec50d659246dc7ebd1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        fc46146f71583f60e5654ede9e9d5c3c1de5acb4ee270b8c4aa5ebb603086190

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        88dd373257f23e0f8d905a902f61184ad4c887fc345cb145609a3498ec49b7ebc296b1923a90c803a937971e4ec802747d2af3b1c88b5be293bccbeb667b4ef9

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        0e7674af707c487aa9347b5663e0aed7

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0156c523bc5b409307c192cd113f1b202590b180

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        d59306026287ff80135866337272d6cfa285a1eedc972e89eac4ecb73355af4d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        aca26a8d5e3fe91168b9d86bbcde7e94cd7c56dd7ed2b73a60b88d6234d78199eb6c455a599856937d75373b1e58c2021964b9e73fa7c11b120e3800bcbddd9c

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        cc3b7a3b01054550361a925ab9a7d00e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        38cdccdc4eab15f8cc59b0c8422f5eaeb6d0007c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6c76146bc8b2421561c854c8b820c6715d723a2504ef0d673a69300d8dfe51f8

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        81cb7dddfd9d9d5aa7a05f3b12f58aa0f706ce9fb188ac74b5697b4108a6dc2d50ce3861d29d16483a964fe6ca0a959e39a69bf91c67d1fdc782e60a91e41fcf

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        7KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        7af2296c54abed6a768dc5673f71bef3

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        28ac20e771cda604d63ecbab8991596536f9cb21

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6975daf40028ceff0f0286c3e941b6b4029fb6daaee50504da31aa55fcefb9c1

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        21cc5e1df5e8b629a4e6a6e0b855f6ae617b22cd4aa208e9cc87c93c247e6362e07f17a645fcc745c904a72a5884cdc3c5d5e00cf116ab381b289fe573d789d4

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        7KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        b9694f9edc573cef631b2ee19911f63d

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d4d2a3f4f0d1e9832514c24743d9a8d5da324ad6

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1ca4e716de9a7ad05f175e0ec72b2c70d17beb18449e8a71e86be218e867f614

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c26acba69ea2ff5effd8a8c36fd36cdcb7a5c0d5871b2fd11f25160e6da7586c652ca17c86e7de09dcf586376851ece2f4daad4c4bcf4eed4e7e88c99f03fda3

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        6bdfe02c4477c71c6165bc44cdf60636

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8f115ec8bc891ca9f80c543f6800f40048d9ef2a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8b3f8282d8ff5cecf60c1fbe1d3ee02ab4ce286914dd60e2f72c6f6437e07766

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        96f5aaa81ac27cd2fee370d2481cdfa4c6cb2a91bd23e9cf9eb1681e88d0237553bc7d2a0e6a53405777173e56f7baf19c8624d0c9e43d0bb97c125f261c5e90

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        9d96e50b574d4f1b7b4fd6d110d985ce

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        01703e98e17669d94072e9b55dab5f538ce5f359

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        6ea26b6e19ba080d4c1a451b5dab161fcac03d389d3318d3473df404a8ae0e4c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        975eda37643b065b2f51b21d69c166f1d578932f9597f962bb79bb7eb7825804ab5adbe7514ad3a1fb3d767174ee6240454684c667f10ff41df5af2f2a5a9ab3

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        291a16b65e11b2771b7f05406feccc3a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c45cf08f34e8df25d1bbd20249f9c11f20a58308

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        a74ced12c6004b89fb9844b72e6a00b2d58dbdc4eaac8848f3be4c9f6ad019f7

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        007d47e9bb8e63ad22d4799d6e4caa56604a43ceae876a97af6bcfcb1b0e8500fd92e04acdb60efb8a93a9445b304abfeb2b23175297176d7658626af6cf113e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        7KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        952c1b99006239837392943583912831

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        de61f8ad9e200f830656fff9450987f4f0456c22

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5acfa37f0e42e0bc54b3b9a5ecb61e420a07624f26c585b4104287b4a0831c2d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a11214852bd8fcf6c96c458f7aa23cfa1f05123af160f524b1f41e9398057b5c40a0a88a1328326cfe15ccaadbb9edca88e86cab7e7d0d64d948350af28e9daf

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        8KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        977ed0d27e40dc13af3d2b8bf52478af

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        4cfd16b231df0abaeee2bf49eea1e2e9c3e01c44

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        1a0866ea9f3afa5b7919cb1a4d44071d9a733a713b156cbff3733964f2e351ef

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4d65c570ca3bfd36287bd21f4c3c9c91be3ee167f67fa939fcc678da679076a954731695283abc390957c244f371199646e2ef0ffedda464feec440bae5e3059

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        8KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        fafa3f76c3bfdfddd9fdb535003a6da5

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8253f2d22a8e32c7c05c76f5f86f75afa757bfb0

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        37926a8e81f5e62b66d5c16848b94065b2c16898878c7fde5cd92e472a9c2b0f

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d68ae4be353f6f791c461ad0d7d74f7a2f28d272290351987a8615526698e513cd54be3b89a74809bf2f76b0217d8fc10ff794ecda2c159b7b7cb22fff398631

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4d43de0c6896d65714cdcefd47805c0a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        3bacc1255519beaa11a9b030c8621973e47bd085

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ea909d483ca79e77690d5d2e4c0d0b3a9eb15ad474f27b2706fba1cd0fd7cccb

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        865591c120846f571908d3224e54d30fb6b9c68db804385dc1a88078148314a1d97ad425656feb9b3dc5cd8aa7d4aee8cebc42e89e69e5013212a13032ab144b

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        15KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        36ee5ce2924910749171fe664f0a02c4

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        8ff75428124bddc65702d2f2b867bc5916c47ed4

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        2e70c5b3ad1a33483a20cfa88507cfe89087d036e9002398f4b33a193b3d46a4

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bfdda46b7950553d50a7e38b0e5db961fc1fe22bd57447bf59b41b7b45980ed77f224c0257a5a5af35ee2c7e60e7216481d1ad65caa1247fa3eeea1088cc7303

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        94275bde03760c160b707ba8806ef545

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        aad8d87b0796de7baca00ab000b2b12a26427859

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b14ec.TMP

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        120B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        645b380977084f12bc28f96c9a9acdd1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        1e762fb4aa8e6cb5c93dba719893ae9c7a86c2bb

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        7fc3c5e85bce9bc7618eb95fbf0434720df56b8973ec0c7dc64ea1ffed889d32

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c920cbf693844b2608c4765c267f0b64ed0e4f69583ace09db463c29b60d2f33c9ed554d2746333db0e0852f254711152627c95b98ec1467e575dfc5145162f0

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fbd81dd1-29c9-4a8d-99a7-586956a6c02b.tmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        7KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        70428c5df2cdf309cfab8da9cb986951

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        c0a584a60ad03b7dc6e066698d1b624821d2a322

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        e89c7be8284e4351aaaa2ddbde6272fa6ba9bd568da34db16f095d590bfeffd5

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0649e4f76e1c3ddc294ff39ed6b28518093b616820a423aa7edc433269c67ba042412cacb172a0f1ecd11ed9eadd53779312dfc62cead40dedf18cde9dcdfe49

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        288KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        af91d9d6d2f0c26186e3083637fcf573

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        dbd2b7eaea84b8d9045b94a16710da694c588520

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        2b053948915af925798dc37129fc3a94db2697d46398349b4d26fe896933445c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        75d8610eb3371454c702657889b1699ecf67159f4b5f6915c86c4ea013e744126f98aac2af04c02ac713b17021f0dd44ead845a27a12523a4ac0e892439003d7

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        267KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a4d4b43e489eafc4605e6485c188e8e1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        85aee2eddf8295b9e7b05e7ba7d612096e952615

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        8f20b4039b70310f99bc18913011a96212a543e5759756d5e9943e73d05904f5

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        2e05d457577dfe21eda48272f8ccb6def2885a20ec4788365b33eaff2f95f1aac68be3b72a8d2eb14f629ea86a448b90098ff957f5c142476a178eab56c1506e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        151KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        74018ec5e1fda93b4849f915fb1c3b5e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        304a5211e68bfeb5da84f6a744213ef5d77b7a50

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        7eee9a822c0c6b5828b082b88bedfd80feb7de8e913dd85aa2b32796964bf3ee

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c8a8a62fca2699f993f769e0e95b8a2a1e4635fa816c949754c5b0bac0b6ab13155466c363682b953c3a878fe3980378b1c31d41ed137fd9505309f4e011e892

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        151KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        258fc18592c7d88381531946d5575f6c

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        81101da589e84664e124762829384d3cda5a96c1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ac30ff354d2521deb9593ccdd06c4549d138ca40b6aeb8fe9670ccf2a278811f

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        a22e0d26ba8d977691b835097008a2e37821886f5b77ee591d20323321ed7bfc2711e77cae8455adc1d166f6c1ec8e752984dd43ffb040af26e8328c2c01f29f

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        268KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        c6e22351459476c9db6b6d82a1a2474f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        163bf59b45baf63aa6cc6f7a639b1f67469d1a64

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        f7cad2e3344758cc519345169f1f22acafa28e0bd1d72f331e9a836c9e2040fa

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4ac32f992ea6bdcf9a8a3bbff596de355e70b900ea5e18b5903c91ccc048b951ab59181def89238c8dffbfb230d24ce9cafbeacf735ad4ba59f5ac515130b496

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        268KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        844b7b96f441a0d69d779093e60b7d64

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        48590b5498101d855b7146c73f016020edc30318

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        3a50ee11bb17a1608b2b63e7173edc2c4c4abf5a4d186f98ca62178065b234c9

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        49b7b1333fb59dce87592f690eb3dbf95e979f9516938b5f73cd687a2b2877d9ae4eaea52dcde5ae1af590f01ab88dc8a5ae648aaa5e2e386e99771503b4b80e

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        136KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        aac53a9534f24a83c1f04dd6dc1c14f7

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        38d215f8f03651280e1d7d5d629152e9ce4b3a99

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        99b57607708cb1a4afe48af33e69c25617bf322ec0a9752ff18e44efdff1f7d2

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        49091757211dc86f1b898174b60e9e7f890a83974ebe66eaca756a412603675f57e1832c57f5664dc4734aa3ac89dcb3a7a36803983a9501e89ebabfe7e6b8ba

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        287KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        d6479d02d15d08a2b0e73669fd95e62a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        d28e3d92ced28caaab513e57504bc51f0020ee7e

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        92c73f25bde3bfe9ab8ceb582835d5b657faa8db839d70dcd7421797c74e5fe2

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        bcd2899330d50ef1daf5c0678f464aa0254de0824ccabebec0ec6ae4edd437346f1d78c5f2b4c721abc52dca1ddf09fcdd5f27de79de3cb27d7a712883b26deb

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        268KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        f9c93af4fdbd0212c78a47d0fb1eefcd

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        6093eb4e3ca785747baa7957790dc0105160cab5

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        0778b65069fc11ebba6da7171281843947f5cbbd673153a23752cbfdfa327e4d

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e8e9e1430e6c333a3837f47627f09df491bde4ce476a2ccc468e5516aeabe36c02d8a744f4cdd9fd2c1558341e0de06193c46afa41bb6ba092aade6cf4400e5d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        282KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a751c5a81bcb603b1b79e7e9d68727c2

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        45b1874f5ef2e2c11b0e3c68a062285ea24f5372

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        eedba609748805a8264bdec4d40b4ed193e35510b908b83c0e4f6d404df9f001

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d70248f224f30ed0ceb0f7fc0e59ee6036ca56e4a5660192c01e1f30a8e6d32f1361a28008e8f105e88ce46f9219de2ae426b6f4db5a1970f6bd341d669619af

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        110KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        78ac2d85322bd10aca9a1607de90c22b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        547366c16494d5d3b382bd5e2bb90d4550a0abd1

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        9403f7acff4acbe6a5b2e2061e88de839aa9b60d982e327c47a3b57a3792df76

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b6e87da38d58bd5f0f39f56b5b5acb51861ed90b79204a086c1a56f14ac1f72147d8554dd0a0f58336b49ccbf4d490f29f8ace57d429bdb44a4f4069c197aa24

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584040.TMP

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        104KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        87cd23b6a380b30d765c704e31450c7a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        da104afd804cd8282d333d3de4f7ccde265af824

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        5d07f7e94a1afd2c00fcb03ffd4507bcccf93f8cd7fca068bfa935cb0979c470

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        d698c76dd308feb105e9a82944b2cd573a339b7ce224cf65cd5c524d959d5d030628441ae7c664e416fe0e2153eea697dd5b1a7f9dc138bb9fc9260e6d4ba22d

                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        bcd22b9511d5383e23d875e2cf3c339e

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        0ef86afaef536cc4b046ea2866414bb193d60702

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        95dd31f11ac1317559b6eee0479739930d503a4938283f5d831ac8add92ad792

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        c4e6821858720895c0bfae797097e3307bb7ea8f03dde4fefc16cce03b2a50fecfe8ed5c3225136fcd9d74ee0ed8673f795b410cd14890d22df58c1f03b693c6

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\data\settings.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        309B

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        1281d8dbf988446d6445f20d80a7dd35

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        1febeae94440c97faf3ee9ead71aeb2c07c94466

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        26ad162615d6a724309754be76f0bac9b67fe0280fe8099212b0589e51c1c56e

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        841185401d1f0995bc3ca9e97c4f65aa68acbcad88dbb7278be4ebf014ed7ccb268f1fd666ca7ebcd8320a606ccb6f12b5d287e6bdb14a8ed12629bca3edb8da

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\dist\client\assets\index-5ef340da.js

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        3.4MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a930ae45a28f99330f3a2a3bca2c5fc8

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        4c017d351ceac93ac48382ba5b7558531ca0bfea

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        ff08d82ee292b5eb061afa9f74597fb6ca856b7de89cd6397d5633d011a00068

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        0d7fcc2d6cdc15da6ea27fa9c5efb937c852a6abc38b6c0c942fd1db3f573736fcdb91bf6f2ea1c308a0d351844d9f5b34c3b2aaa0266eec0abded73bb082b1a

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\dist\client\assets\index-daab.js

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        3.4MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        a19bf5e804004e0397a4547f9a8568fe

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        daad35851be0986f1a99f5563976309c2f7fc800

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        66909b895c0b86eb1edaf95c0d728939a4986f01bf5112023bf52a6afc021155

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        2e98dedf48e2f16543ef28cdfad832f77a6250f6e71cadd2245e58aa4872a91934f390ad8552a1c59b035ead123904b95c31a1fb3d7ba3dbf49968b018755c5a

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\en-us.json

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5.5MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        de2ac61fe7207c1b2f304b05fae4e39f

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        72a4623fde7103eebcff4a55ccb8eb6acf6bbee8

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        4d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\globalTypes.d.luau

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        418KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        4fb046cf2752a7e38784b9c223fc749a

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        ec60cb7dca1a73001cffbcf858ec0a8714dbca1a

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        89259d80bd757a1d0a5b47b5c7eac1d8f84071d71b49049dd49a37ef8dee727c

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        763d7d904ae606b2e9692b46d5c18bab98eecd6973330f223da738f74f918530729df0ea8d91b976fc2787592d469c187bc027ad142dc5cef0d7b615948c7e13

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave-luau.exe

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        3.4MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        12fd29fcaf6f6518b8bf9e976928fa38

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        1f9352e217518eaceefdd041e3f085ffbb93acb0

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b

                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave.d.luau

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        ec1e22fcdb56c0027ebc8cc4de1d0e64

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        01c3295445117957e0aa1facbd2538d68b600c78

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        65f300099bb14dc2ff2e2fc3a3ebda335d16433c08e317eeb4673cf106ed34a3

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        090c6fa8ad2b0d1e8b4dd5d42759b6ee56e96786da9d7aba34040bf3daf5ca8c5d00c9cc10cd4b84e3ebe023b2c5550c237207902a29afa9bd9dd38757c93017

                                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 416725.crdownload

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        7.6MB

                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                        dbb820772caf0003967ef0f269fbdeb1

                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                        31992bd4977a7dfeba67537a2da6c9ca64bc304c

                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                        b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc

                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                        e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f

                                                                                                                                                                                                                      • memory/3508-9845-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/3508-9850-0x000001CB590B0000-0x000001CB590C0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5688-9781-0x0000013BDFE80000-0x0000013BDFEA2000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        136KB

                                                                                                                                                                                                                      • memory/5688-9827-0x0000013BE6E00000-0x0000013BE6E0E000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56KB

                                                                                                                                                                                                                      • memory/5688-9817-0x0000013BE4560000-0x0000013BE457E000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        120KB

                                                                                                                                                                                                                      • memory/5688-9780-0x0000013BE0330000-0x0000013BE03E2000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        712KB

                                                                                                                                                                                                                      • memory/5688-9819-0x0000013BE4450000-0x0000013BE445C000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        48KB

                                                                                                                                                                                                                      • memory/5688-9818-0x0000013BE4770000-0x0000013BE4812000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        648KB

                                                                                                                                                                                                                      • memory/5688-9816-0x0000013BE4470000-0x0000013BE448A000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        104KB

                                                                                                                                                                                                                      • memory/5688-9822-0x0000013BE45B0000-0x0000013BE45D6000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        152KB

                                                                                                                                                                                                                      • memory/5688-9821-0x0000013BE4460000-0x0000013BE446A000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        40KB

                                                                                                                                                                                                                      • memory/5688-9820-0x0000013BE46C0000-0x0000013BE4726000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        408KB

                                                                                                                                                                                                                      • memory/5688-9823-0x0000013BE4820000-0x0000013BE4852000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        200KB

                                                                                                                                                                                                                      • memory/5688-9824-0x0000013BDFE70000-0x0000013BDFE80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5688-9825-0x0000013BE4760000-0x0000013BE4768000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        32KB

                                                                                                                                                                                                                      • memory/5688-9815-0x0000013BDFE70000-0x0000013BDFE80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5688-9828-0x0000013BE6EC0000-0x0000013BE6F04000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        272KB

                                                                                                                                                                                                                      • memory/5688-9826-0x0000013BE6E30000-0x0000013BE6E68000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        224KB

                                                                                                                                                                                                                      • memory/5688-9783-0x0000013BDFE70000-0x0000013BDFE80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5688-9846-0x0000013BEB820000-0x0000013BEBD48000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5.2MB

                                                                                                                                                                                                                      • memory/5688-9814-0x0000013BE4610000-0x0000013BE46B2000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        648KB

                                                                                                                                                                                                                      • memory/5688-9847-0x0000013BEB480000-0x0000013BEB606000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.5MB

                                                                                                                                                                                                                      • memory/5688-9813-0x0000013BE4430000-0x0000013BE444E000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        120KB

                                                                                                                                                                                                                      • memory/5688-9812-0x0000013BE4490000-0x0000013BE4506000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        472KB

                                                                                                                                                                                                                      • memory/5688-9782-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/5688-9787-0x0000013BDFF00000-0x0000013BDFF4A000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        296KB

                                                                                                                                                                                                                      • memory/5688-9779-0x0000013BE0060000-0x0000013BE0221000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.8MB

                                                                                                                                                                                                                      • memory/5688-9778-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/5728-9741-0x00007FFC95DE0000-0x00007FFC95DF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9775-0x0000026D41C70000-0x0000026D41C71000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/5728-9698-0x00007FFC97F00000-0x00007FFC97F10000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9699-0x00007FFC97F50000-0x00007FFC97F80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9700-0x00007FFC97F50000-0x00007FFC97F80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9701-0x00007FFC97F50000-0x00007FFC97F80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9702-0x00007FFC97F50000-0x00007FFC97F80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9703-0x00007FFC97F50000-0x00007FFC97F80000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9704-0x00007FFC97FE0000-0x00007FFC97FE5000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        20KB

                                                                                                                                                                                                                      • memory/5728-9706-0x00007FFC96990000-0x00007FFC969A0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9708-0x00007FFC96A20000-0x00007FFC96A30000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9707-0x00007FFC96A20000-0x00007FFC96A30000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9709-0x00007FFC96A40000-0x00007FFC96A50000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9705-0x00007FFC96990000-0x00007FFC969A0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9710-0x00007FFC96A40000-0x00007FFC96A50000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9711-0x00007FFC96A40000-0x00007FFC96A50000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9713-0x00007FFC96A40000-0x00007FFC96A50000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9712-0x00007FFC96A40000-0x00007FFC96A50000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9715-0x00007FFC95730000-0x00007FFC95740000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9716-0x00007FFC95840000-0x00007FFC95850000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9717-0x00007FFC95840000-0x00007FFC95850000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9714-0x00007FFC95730000-0x00007FFC95740000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9719-0x00007FFC959B0000-0x00007FFC959E0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9720-0x00007FFC959B0000-0x00007FFC959E0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9721-0x00007FFC959B0000-0x00007FFC959E0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9718-0x00007FFC959B0000-0x00007FFC959E0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9722-0x00007FFC959B0000-0x00007FFC959E0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        192KB

                                                                                                                                                                                                                      • memory/5728-9723-0x00007FFC97DE0000-0x00007FFC97DE1000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/5728-9724-0x00007FFC97740000-0x00007FFC97750000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9725-0x00007FFC97740000-0x00007FFC97750000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9726-0x00007FFC977F0000-0x00007FFC977FE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56KB

                                                                                                                                                                                                                      • memory/5728-9727-0x00007FFC977F0000-0x00007FFC977FE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56KB

                                                                                                                                                                                                                      • memory/5728-9729-0x00007FFC977F0000-0x00007FFC977FE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56KB

                                                                                                                                                                                                                      • memory/5728-9730-0x00007FFC977F0000-0x00007FFC977FE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56KB

                                                                                                                                                                                                                      • memory/5728-9728-0x00007FFC977F0000-0x00007FFC977FE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        56KB

                                                                                                                                                                                                                      • memory/5728-9731-0x00007FFC95E50000-0x00007FFC95E60000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9732-0x00007FFC95E50000-0x00007FFC95E60000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9733-0x00007FFC95E70000-0x00007FFC95E7B000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        44KB

                                                                                                                                                                                                                      • memory/5728-9734-0x00007FFC95E70000-0x00007FFC95E7B000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        44KB

                                                                                                                                                                                                                      • memory/5728-9736-0x00007FFC95E70000-0x00007FFC95E7B000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        44KB

                                                                                                                                                                                                                      • memory/5728-9737-0x00007FFC95E70000-0x00007FFC95E7B000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        44KB

                                                                                                                                                                                                                      • memory/5728-9735-0x00007FFC95E70000-0x00007FFC95E7B000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        44KB

                                                                                                                                                                                                                      • memory/5728-9739-0x00007FFC95CE0000-0x00007FFC95CF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9740-0x00007FFC95DE0000-0x00007FFC95DF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9695-0x00007FFC97DF0000-0x00007FFC97E00000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9738-0x00007FFC95CE0000-0x00007FFC95CF0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9742-0x00007FFC95E10000-0x00007FFC95E36000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        152KB

                                                                                                                                                                                                                      • memory/5728-9697-0x00007FFC97F00000-0x00007FFC97F10000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9696-0x00007FFC97DF0000-0x00007FFC97E00000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/5728-9694-0x0000026D41C70000-0x0000026D41C71000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                      • memory/6164-9841-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/6164-9842-0x000001FA7C610000-0x000001FA7C620000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/6700-1994-0x00000161C44F0000-0x00000161C4BF8000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        7.0MB

                                                                                                                                                                                                                      • memory/6700-1995-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/6700-1996-0x00000161C5010000-0x00000161C5020000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/6700-1997-0x00000161C5020000-0x00000161C5044000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        144KB

                                                                                                                                                                                                                      • memory/6700-1998-0x00000161DF3C0000-0x00000161DF4A6000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        920KB

                                                                                                                                                                                                                      • memory/6700-1999-0x00000161DF4B0000-0x00000161DF671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.8MB

                                                                                                                                                                                                                      • memory/6700-2000-0x00000161DF680000-0x00000161E0680000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        16.0MB

                                                                                                                                                                                                                      • memory/6700-2003-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/6732-2009-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/6732-2010-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/6732-2004-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/6732-2005-0x00007FFC97DF0000-0x00007FFC97FE5000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.0MB

                                                                                                                                                                                                                      • memory/6732-2006-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/6732-2007-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/6732-2008-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/6732-2011-0x00007FFC97DF0000-0x00007FFC97FE5000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.0MB

                                                                                                                                                                                                                      • memory/7068-2378-0x00007FFC3EFC0000-0x00007FFC3F4BE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5.0MB

                                                                                                                                                                                                                      • memory/7068-9792-0x00007FFC3EFC0000-0x00007FFC3F4BE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5.0MB

                                                                                                                                                                                                                      • memory/7068-2680-0x00007FFC3EFC0000-0x00007FFC3F4BE000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        5.0MB

                                                                                                                                                                                                                      • memory/7804-2012-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/7804-2014-0x00007FFC97DF0000-0x00007FFC97FE5000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.0MB

                                                                                                                                                                                                                      • memory/7804-2013-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/7804-2015-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/7804-2016-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/7804-2017-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/7804-2019-0x00007FFC97DF0000-0x00007FFC97FE5000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        2.0MB

                                                                                                                                                                                                                      • memory/7804-2018-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        9.4MB

                                                                                                                                                                                                                      • memory/9228-9810-0x00000195D74A0000-0x00000195D74B0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/9228-9809-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/9520-2336-0x00000226FB530000-0x00000226FB540000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/9520-2490-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/9520-2021-0x00000226FB530000-0x00000226FB540000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/9520-2020-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/9520-2075-0x0000022680000000-0x0000022681000000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        16.0MB

                                                                                                                                                                                                                      • memory/9520-2305-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/9892-9789-0x0000017680F20000-0x0000017680F26000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        24KB

                                                                                                                                                                                                                      • memory/9892-9849-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/9892-9852-0x0000017682C90000-0x0000017682CA0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/9892-9793-0x0000017682C90000-0x0000017682CA0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/9892-9791-0x000001769B480000-0x000001769B59E000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        1.1MB

                                                                                                                                                                                                                      • memory/9892-9790-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB

                                                                                                                                                                                                                      • memory/10060-9844-0x0000020B529E0000-0x0000020B529F0000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        64KB

                                                                                                                                                                                                                      • memory/10060-9840-0x00007FFC75BB0000-0x00007FFC76671000-memory.dmp

                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                        10.8MB