hxxps://drive[.]google[.]com/file/d/1d-AcYI1SvRj8B-iwa3CP7iaGyuSrBE28/view?usp=sharing

Analysis

max time kernel
1049s
max time network
1012s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1d-AcYI1SvRj8B-iwa3CP7iaGyuSrBE28/view?usp=sharing

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	wave_bypass (3).exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	wave_bypass (3).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wave_bypass (3).exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	node.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	WaveInstaller (6).exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe

Executes dropped EXE 14 IoCs

pid	Process
2608	WaveInstaller (6).exe
5112	WaveBootstrapper.exe
4928	WaveWindows.exe
2192	node.exe
212	Bloxstrap.exe
4436	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
5252	wave-luau.exe
5284	wave_bypass (3).exe
5948	CefSharp.BrowserSubprocess.exe
2128	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 64 IoCs

pid	Process
5112	WaveBootstrapper.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
5284	wave_bypass (3).exe
5284	wave_bypass (3).exe
5284	wave_bypass (3).exe
5284	wave_bypass (3).exe
5284	wave_bypass (3).exe
5284	wave_bypass (3).exe
5948	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/5284-609-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-620-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-619-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-621-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-618-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-647-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-648-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-798-0x0000000140000000-0x0000000144B43000-memory.dmp	themida
behavioral1/memory/5284-888-0x0000000140000000-0x0000000144B43000-memory.dmp	themida

Checks for any installed AV software in registry 1 TTPs 31 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\Minimap = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\InlayHints = "1"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\SendCurrentDocument = "1"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\FirstHash = "\"8435506daf2f1609706d4b50b15524c0-2\""	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\Session = "Bearer 9e824010-8e09-4ff1-9f13-d62bb3debb41"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\RedirectCompilerError	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\UsePerformanceMode	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\TopMost	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\FontSize	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\SecondHash = "\"4c32de8b30c65ea4ddfedce2bd3ae907\""	WaveWindows.exe
Key opened	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\KasperskyLab	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\ContinueOnStartUp = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\UsePerformanceMode = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\FirstHash	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\Session	wave_bypass (3).exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\SecondHash	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\RedirectCompilerError = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\RefreshRate	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\InlayHints	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\SendCurrentDocument	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\LastUsername = "asmodeuz"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\TopMost = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\LastUsername	wave_bypass (3).exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\Minimap	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\ContinueOnStartUp	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\RefreshRate = "60"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab\FontSize = "14"	WaveWindows.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	wave_bypass (3).exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	WaveWindows.exe
File opened (read-only)	\??\J:	WaveWindows.exe
File opened (read-only)	\??\Q:	WaveWindows.exe
File opened (read-only)	\??\S:	WaveWindows.exe
File opened (read-only)	\??\X:	WaveWindows.exe
File opened (read-only)	\??\Z:	WaveWindows.exe
File opened (read-only)	\??\B:	WaveWindows.exe
File opened (read-only)	\??\I:	WaveWindows.exe
File opened (read-only)	\??\N:	WaveWindows.exe
File opened (read-only)	\??\Y:	WaveWindows.exe
File opened (read-only)	\??\E:	WaveWindows.exe
File opened (read-only)	\??\G:	WaveWindows.exe
File opened (read-only)	\??\H:	WaveWindows.exe
File opened (read-only)	\??\L:	WaveWindows.exe
File opened (read-only)	\??\O:	WaveWindows.exe
File opened (read-only)	\??\T:	WaveWindows.exe
File opened (read-only)	\??\W:	WaveWindows.exe
File opened (read-only)	\??\K:	WaveWindows.exe
File opened (read-only)	\??\M:	WaveWindows.exe
File opened (read-only)	\??\P:	WaveWindows.exe
File opened (read-only)	\??\R:	WaveWindows.exe
File opened (read-only)	\??\U:	WaveWindows.exe
File opened (read-only)	\??\V:	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
146	raw.githubusercontent.com
147	raw.githubusercontent.com
3	drive.google.com
5	drive.google.com
117	raw.githubusercontent.com
118	raw.githubusercontent.com
144	raw.githubusercontent.com
145	raw.githubusercontent.com

Network Service Discovery 1 TTPs 7 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
1204	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe
2128	CefSharp.BrowserSubprocess.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
5284	wave_bypass (3).exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\_platform_specific\win_x86\widevinecdm.dll	WaveWindows.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\LICENSE	WaveWindows.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\manifest.json	WaveWindows.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\_metadata\verified_contents.json	WaveWindows.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\manifest.fingerprint	WaveWindows.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\_platform_specific\win_x86\widevinecdm.dll.sig	WaveWindows.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller (6).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674379519844735"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{0B71AD15-9393-4920-9D02-71A0C58EB6F7}	WaveWindows.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
5692	reg.exe
5724	reg.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
4436	CefSharp.BrowserSubprocess.exe
4436	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
1204	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4244	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4928	WaveWindows.exe
4928	WaveWindows.exe
5948	CefSharp.BrowserSubprocess.exe
5948	CefSharp.BrowserSubprocess.exe
2128	CefSharp.BrowserSubprocess.exe
2128	CefSharp.BrowserSubprocess.exe
2128	CefSharp.BrowserSubprocess.exe
2128	CefSharp.BrowserSubprocess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2136	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeRestorePrivilege	2136	7zFM.exe
Token: 35	2136	7zFM.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2136	7zFM.exe
2136	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2192	node.exe
212	Bloxstrap.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 4944	2572	chrome.exe	83
PID 2572 wrote to memory of 4944	2572	chrome.exe	83
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 4736	2572	chrome.exe	84
PID 2572 wrote to memory of 3808	2572	chrome.exe	85
PID 2572 wrote to memory of 3808	2572	chrome.exe	85
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86
PID 2572 wrote to memory of 3852	2572	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1d-AcYI1SvRj8B-iwa3CP7iaGyuSrBE28/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff91ca3cc40,0x7ff91ca3cc4c,0x7ff91ca3cc58
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4684,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5280,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5148,i,10276313417471673799,16252274921330849776,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=956 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4328

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Downloads.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2136

C:\Users\Admin\Desktop\WaveInstaller (6).exe
"C:\Users\Admin\Desktop\WaveInstaller (6).exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2608
- C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5112
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Enumerates connected drives
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4928
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4928
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
        5⤵
        Executes dropped EXE
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:212
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6748,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6752 --mojo-platform-channel-handle=6740 /prefetch:2 --host-process-id=4928
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4436
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7040,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7044 --mojo-platform-channel-handle=6516 /prefetch:3 --host-process-id=4928
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4244
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7572,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7576 --mojo-platform-channel-handle=7568 /prefetch:8 --host-process-id=4928
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5008
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=7700,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7704 --mojo-platform-channel-handle=7696 --host-process-id=4928 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4468
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=7764,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7828 --mojo-platform-channel-handle=7812 --host-process-id=4928 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1204
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7880,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7884 --mojo-platform-channel-handle=7876 /prefetch:8 --host-process-id=4928
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5948
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5004,i,2640988108162224887,4722361248634369467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=5192 --mojo-platform-channel-handle=5016 /prefetch:8 --host-process-id=4928
      4⤵
      Executes dropped EXE
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x514
1⤵
PID:4280

C:\Users\Admin\Desktop\wave_bypass (3).exe
"C:\Users\Admin\Desktop\wave_bypass (3).exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c reg add HKCU\Console\%%Startup /v DelegationConsole /t REG_SZ /d {B23D10C0-E52E-411E-9D5B-C09FDF709C7D} /f > nul
  2⤵
  PID:5676
- - C:\Windows\system32\reg.exe
    reg add HKCU\Console\%%Startup /v DelegationConsole /t REG_SZ /d {B23D10C0-E52E-411E-9D5B-C09FDF709C7D} /f
    3⤵
    - Modifies registry key
    PID:5692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c reg add HKCU\Console\%%Startup /v DelegationTerminal /t REG_SZ /d {B23D10C0-E52E-411E-9D5B-C09FDF709C7D} /f > nul
  2⤵
  PID:5708
- - C:\Windows\system32\reg.exe
    reg add HKCU\Console\%%Startup /v DelegationTerminal /t REG_SZ /d {B23D10C0-E52E-411E-9D5B-C09FDF709C7D} /f
    3⤵
    - Modifies registry key
    PID:5724
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get uuid
  2⤵
  PID:5296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c mode con: cols=99 lines=33
  2⤵
  PID:5380
- - C:\Windows\system32\mode.com
    mode con: cols=99 lines=33
    3⤵
    PID:5472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 09
  2⤵
  PID:5460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title WAVE BYPASS
  2⤵
  PID:5440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping4928_346873650\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
4f0336d107e8d4382920edd537c28088

SHA1
8746f7c55344c30a05e74e4f1f6feea24c8e1374

SHA256
5e4dbf0a5b9d5fa2ce198f84eacf25fff36b965df5a1fe220db2269e16741d59

SHA512
613b7c72099c816083b0fb599ce873162729e95e03bd204db18ee7ab80593aaf6a20170eeef0a506956bafe2b8e1472cb0fdc294bcc2ff92437ab1c1a426b0d6

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
850B

MD5
820a46fec210f33f8435b30f81ffffac

SHA1
0d7885df97b9d0da46603881605ac3225cf322e8

SHA256
4cd4cf1d7ba8d291094b05ea93bca3d07026f6cf12f775791f76b4f23ca97e7f

SHA512
1076cd9c0054faa5c1954514aa6cf9afdb53d117c5947dc606d337847d2fd30c43f89ecf8e6133950fcee2f7b996f06a80d641f14fab82cafc87b43817ba1e2f

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe5b45c0.TMP

Filesize
529B

MD5
0943aee4ec73d1692c9d812c5d77c3c0

SHA1
21cb8ff6393c0136c1320ce10328ec7b03642a24

SHA256
03442ee6aa5252f3fad3dfc21c8e58ba4ed8458a7de9e759c227fd43fcac15fd

SHA512
f753b8992d064383ca10a70d4058cdc496fa768ae0701a8d052e8ed9768c7190e91dc77e6623119d213fde8efe2e8d5a18e6b21f3ffd05bab070df1eb04f7a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\01555a93-5d21-44cb-9608-d3bb6bff962d.tmp

Filesize
9KB

MD5
ebf3a1ced296a0513dfc40204d9fb6f6

SHA1
639af1d105a6f1c978e07a82272c5cbb8f1a67be

SHA256
2db6fe4e19ed2ecb78d6a5918dc2e3932f3fbff52af4cd625f1e056609c92c82

SHA512
94537143dcfd929dfd8cec495af8a759cde2f63e012c892e449643f5ca46ceb820c997c1d1b41924d1605788bee2b38564c655cf47ecbd59e30ceb425acb390f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9ce8d3caca4dc029b4aef7e2fbf87794

SHA1
a204e89a52d1eca46d4e73828302a91d4f16f9a4

SHA256
bf23debf9b35ca68b007753009198c8aa0d655df64cfc5026d3f56107687c1fb

SHA512
4d05712f26469f47724b4353880fc4f0fde2b2b5bfb4dc57136a5d7d903288151e9d1c16c60ce996c93c23f00a2d900e6dfe258773f6b68546453544f104b643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8a64848da117cda4bb3f9109db6ce3d8

SHA1
526148557d2338c50e57027138efca05c9564112

SHA256
ee01e8645b46633b1db5f149b6b2f97133eb4a0f2de8e95c7819d657cbaa9d80

SHA512
b2303a5b90b84e3a40416a5deee9e36bcccc4c085c91bca5b77c579185955f23a46f3d7656976176d115bee6f8089c78c3a7399832cb210e37ea9cee4e00b5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b138b48ab0455ce3477a672630e082be

SHA1
d65682b09ea5dd1c4544d7ead43bf9b3d4b16a12

SHA256
c1fa82f96e059a325ce335752691a77997ac9068d636c7818f9cb71945fe64d4

SHA512
3eee595d2970011c96b8f2cc6c1af96f2e9302f123523d0241257fb67d0b291b1029fdfee2b1f983b5f7092fcea6e9d5b12bd1018d041f397cd6a328518bcebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3452f2032e4a2bba3b859fb9f116602f

SHA1
ff33f37a0413fcb8a5f9de8e49cc0b2e0081e76d

SHA256
576f93b569f12d3ab7015946ea359a26c9458acebd3cfd347418aa16f959fe29

SHA512
ef7eae7e0f978522c490746299d27e875f6652b39cc2d3ddc0940f11b64d836f657ad0538b95ff47d8c6193ae9c29aec044118fcbe6e0738b7403a36d8dd6056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57eeb75a683f6a884abeae6dc5c66081

SHA1
159ddee3f9216e446f62a3ea878add896967a0bc

SHA256
0f061951da80fc77443b600ef3ded0f3d87dc2b075372e3e061754a1c6475ea8

SHA512
e4f8400a9d1aafcbfe947eaf8948bb1b268d82f7f37a882313ece59b08c1b82cbc80632f4fb740918dc9f4984ddafe191dc0f32976f8d335f9ae6dacc9c90c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5afbdab213186b903c4a665a8dc7a7dc

SHA1
182a611b9c18594d305036f56f2feff981504090

SHA256
97e8498c5e11a9d5b38961db2202e9450909d6007a7d0be5ef06aa8ba233d067

SHA512
58009df8f175f90884cc263a8570b54ca7311922580ef5e91e011ed3aa9345cbc0bacfb7dca9445425d0e0b90ad4deab408432244aede4b7b1f794e5604f1334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ed1c0469b7576cccb71b82f88f2ebb2

SHA1
79aa1e85d18cda13251857057091342cf984159e

SHA256
8803419b60319ad04ae7788e90a9e06108c69f12815e5ea7d73ba7b8545579c6

SHA512
63f715833eab62433e9fff2948f0016a0ce697b5d619e123ddb0a8ade4521e185e7cc09ba003c4afb0d54b62b3ee5044856d9ac60bd6babe8f95f7aacaaa7005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cf8caaa6deac772f2aba25ac18e1e4f

SHA1
c4edecd7c25e184c41b303969189638ab5bc5668

SHA256
2c6fd586fa3ff37de1c42a1e20cf82c9cb0a871e0746cbe930606627228ecf73

SHA512
18d25456b3ce32a918402f4225bd3de70e519d546885aea04bad72b91fea6c1a2600fa63792ff569dc7be6a9376f38a50617c82de4cf7dd479a7b83bdffd85a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22f60bc408f5df653c3c61d04fdddafa

SHA1
3e83bdf1890dc3eb88e9153d139ba93dfc57ee4e

SHA256
a3a19754b6f81c6d60b9a396f9f9cc1563253a48622c5ef1a447fea60a9dba52

SHA512
44222589756746e564b1e30b2471e695bee529e748e7cf7e2fecad27262b6a5feb591163708d75174d7999eccf5494564d97305a5f8ddf8b08ab5be7fe43d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f89abc9ce90aa8cb452c4fbd1959bbb

SHA1
0f3b7b7640b22d422cccf35fc6214fd94ce37fb1

SHA256
f278b6a8870a65521769163816258a6405d473ea60315156aafb568cb4b826ee

SHA512
2eb08a61aba887aa25ac6e9f31c423eb03ab9d4de33e9c3d7a3a794613e12bfd955f6633e09945b71cde134934c0929e7abb42a0aa5cd44510c52ba4e4c85033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e0251d5e4de1d541e0d7a3f1de72957

SHA1
bd4635d0ba25d719b299bee211d977c57d7fc20f

SHA256
d11aa8b53a9bebf2591ec1e0723c7402f4dff0740990e75ffa1456437499daff

SHA512
9b8abfcb4c117b5cc65d67bbeb50d231d32eaf666e1bf860e43fe18c16c232ae7361e8cc87a2d522f04773e8c90208a478c586a7128e2326f878649a00f73bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21de371f3f51b10cd7221f5ea36a3a23

SHA1
bedb3fbecf380f0d3e414b692912057f9d8f8712

SHA256
0ba09a8cec049580f7ff18ef7630cf46a06e1f8b7a19c0c9c700810ad7a4b345

SHA512
f6d5da8a3bd6e00510e0555af0e034e8607597f9f7737435a528c13492b7bfde2b1673d2ce24a1b371e3cb41be1200b153d609d39dff172dfe4b705033a0bc47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fff4ae3beedb432ef60171d31dc7c82

SHA1
fae9d311a15962dcbac4511b8319b0e5738b819f

SHA256
ed9b09622ab439ea3498a9b22135419e7e91250a811f22e68b9fa9bbb8f754ec

SHA512
b068c7c28338b3c2cec1ae65aee33a88449200d2c5bc5f54ef48a4ac796bd2a48ef087b6df59d5d458d4e93c5bb6cb20cbce6c6e6a650fde4621fc9557c756ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a4a0c0f32783b22bc9bf271437dd6c07

SHA1
ff1aa3ead223110193b5cd3433282b59a596a70c

SHA256
783dbb5eb04e092248d0bebb7f23c18e5bff577cb6b9fa3f3f4ee24cd7c8e000

SHA512
f29dcb77f09644de582808f1fd0fd262ed784b7ca89374c33e2098bb3754afe12c1d8d2f1b499e18288bfbb812e7026c2f00b1ff4fa2f418af0e47d0691ebe53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3441fc1c69a1492df94413794e4ad0a2

SHA1
7c2370360f564d3f6d388bfb02846bfb381667bf

SHA256
20cdb35330fc5733d1f208a6a2f4de8f4ecfd4bf371ede659ec5c375e2d68861

SHA512
d105f66d64d8c7d3fc211538780a3726d89b34de90024bc2f910516957df91a4f686aad06a37ea3c8603168632af0d898ae897fdea1c77742864586b01e7698b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dae96101100a4d6b6a45b2ed8a476aa7

SHA1
720df340d7bd3bee68e9fef2664128204d881636

SHA256
cb41ce4192c0115fd185ff2173b7e760d2e79c5a313b7c8739fe61ac7966065d

SHA512
414b0449f6f5c39c0ca9f51661556dd85c43b7e0c492fc002bdb018d2fbfbe2311e963f9dd7ffa537d8142d70808b1323f2fcaa23d855f1f371846450e80cdd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7e15b778be37f999b55d8626044f68e

SHA1
45530baa72d77b28d4d7c4df2b2c0ed2924b29ef

SHA256
44a7438b55184f135c5e1f034e8cc28d67e17bc61df3c32921b754a837a286fb

SHA512
30bc937bbc61aaa36a5837203aa3136886fd03d1579bf023780a9de5e880bcf527762853e2c530ad391c472bdeed63abca28c1ab135efef4ec6479a975bd1f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66ce68ce54ef70663198ca57700dc715

SHA1
d9a323e36bf36cec7f8532227445a4d63dd2c03b

SHA256
4df24902f09575c3f23a60d6c94e4a7c67ce8f856d82dbe072803ccf96c6b359

SHA512
377068e9bef74d50082a63d6f6b4d32865f4f2c445a3a182eb700902f18f556a798874492a8f4690c34b549467a3faac0eecaab456f22a34f24db117408ba72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38d34159739bcb9d871450a00be78bd6

SHA1
2762ce18de23471aca195f64180aa286cc1a618f

SHA256
f02e80d37de88cbe20da1643239b1823d15eef42eae19180c72903310219c226

SHA512
94993fff145ba12cb8490fe461fa10dff29e70ec8f58edfbc2d416e151748972817291a8bc6b5fce7137111fd5b1ca983e8a38be7f4b354ace44ee7370e48725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d39570cdee1dc8f206dacd737472384d

SHA1
b96c71608a707cc463bc718555e72f6444e4b23a

SHA256
1098cb057b8012560c8a2081e48e650578a7d2b78ae76b768a7c8d3b395829ac

SHA512
925f7658d3b4a72ed4db608349c22d0a6c7cba08213a07f17c8d72ce96d4a6eb79d1339b68012202b5d58a766b7473a2e93c173fcdd371c5f9df43d1f471a4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03a87efe8c65ae983f570d7204902501

SHA1
e4d8aa4467f91cc1aab91f6d9996b25c36fdb90b

SHA256
41dbaf3769f1cc4f5564dda09c06a9371d5f593f92cd1a3e9a6f38a523b2822f

SHA512
fd8d4265d18bdf67eb1936972d765c55d931777326c6f37f42e97cc90558c8162411bc7b4c5aead30af54d526dea80225f442c901d0c1ab182dee69c5b147cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dfc7dceb36bc421a142271468aa3bf7b

SHA1
016e1f213029c4568c2e5b34a4882eb533d46a4b

SHA256
2f0673b08a415eced2054a5b07a89c31e86a352bce39c6afbd21e3d11aa17ed1

SHA512
a342c7c2c735fc9ddfc1e5c18f8eb09c9da6985ba944285c862f1a9884814dfac29b11971e657040b7d062c0ccb2fbd2821c449f6d161c40b47d24387708982c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a62b523acca1fd12fbadc9f9e402033

SHA1
943c9932df775cd75839c2628bc5a2300d6349ca

SHA256
936ad7f18e830b67af36f0bc9b36d01917ff0ef3ebf0c8d725fe8acc4128192c

SHA512
4f8b72763d3e507e717d6651d5442ad7ee2d4d4fe6f0e1a1ce8cf2665fc00c15ac0f26c107beb9497a7e9301bc0170a54da9cd8c39773c43560bede2267d2c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fbb75f20d43692ee61fa68e7b596ec4

SHA1
54fc18c6898d4b3d4be83a1fb76ca60715faac15

SHA256
76b22c498fa8cffa8050fa3884b355f9d926f394babb341b63ed50f916e2211c

SHA512
ebb7b4f7cd4a65ce3e96530de6fb5648c5824244e79e834c9135899d66e381e807515b899400bf44ce4c4c116046e7a567e9de94c9a514d343053842306d241e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca6ba84befb4264d9bfd74fbff2888a4

SHA1
98d7eaf7ffcaedd15706d30b9356023a0ea2d0ae

SHA256
11dc9dec136f1238de12fe36b170ffb9909b3d83db96cb488cb3bdf0dcb85f1d

SHA512
95b417884c0897818d6b84d533cc9ee7452b35e085214a2bddfa33fe76215f38506b62fbf6145973c56c4f521c66c02ee6b19d683aa148a6dcfb3fd3c89dc6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14a82017f9fdd9dae1bb60c8186adea1

SHA1
067873a0245fa3119d0b5afabed7d7a8200f1af7

SHA256
da537fc332e8ab0937d26c12bb619ca096512c89052cd47b22c5e27e3357783b

SHA512
7ffc0d0198bf3e21a6a5288cdf1e8cf15c29536dc7687cf37f13a6593a9ec81bb247a14e6f460e2343b6679c5391ac33e477d31925be57b95bbc99590366ddaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22f60be6f640126a5086fae353fdfbdc

SHA1
e3f386fd0d4eae57160027f6b8e5938045525417

SHA256
50f74d7ec8fd6ea1945b143d79ec74fc9409dc6a88c1d553b4047c2f80367259

SHA512
f5d566a09d1f31f5b94b95cf40adcf7273220e9d805af9e14b42450dc3776c745264b2aa5d294a0b52af0106bb328bc620ac4b19422be32af0e1ac8665fb5585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4586c1d621468033785913870e335dc2

SHA1
19b3663a94d584aa66d80799dcb255e1b7fe570a

SHA256
dcab3acabef64738cb8c7a32f746d7ddac4b1b895f247bb4e3d0e974e6f307f4

SHA512
7781459f798a5afd86d184d49c8df477e92c54a12bf7ace6da2a70d88751168d76b7392927cde28949ea629330999d32b4dca4969254dbe6b4a3eabf5ae84f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f949ab58c550891ef56107d10ec74c1

SHA1
2aaee026f561e4ef5a62f9d4b99aba738ea918c5

SHA256
577f8e62c2c9d3b562270e0b87356c4306111e62f904e47e8df88c69a930d27b

SHA512
3637a4728c7758605cabadd2cfb2e1318b2b424d62a2f77089c9c25f696413c43a8ed4c4688ba3b3342c1a3840184a7a1003ec3630e38e6f1ae4d307c2c3d458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d846221d312a15140376880198da470b

SHA1
3daf47816ab08f7498ea3d96994a899df697ea6b

SHA256
e36ae79787bcc688ad89e12f27d5e21f3133ad4c62cb1e1f9d0204348cc3f1b6

SHA512
d1f61480ec4125c3e6068161c00dbda02516629f48244eabdd743c97a2aee72c4adef2981d4b710bc9edb34e6d300521e5383e83345b153ed98ea71eaea1230d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
420309d724abf40ad570ed813965f648

SHA1
b6eedc9df041969935b52b7aaf4ed5f6981a10e5

SHA256
af083fce6fc27c515aa28d5fd6ba9c10a5547a9f1454ca3c66f59f16cc333d38

SHA512
f51160350d7a992b19bf09c0dd03558981617694ae27a96a6646efbecdd136826f8f111dab843dcd19ca33019e80b93a7a9a6467cf02a3f547f7fd3438e55633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c3633b72da8b140ee6e4bc1b00d43e9

SHA1
29ab781005bb06543c5d188af99794788991116d

SHA256
b7140f821394271c551f700a0a885e5191294cedd91bb01033987087948d4a81

SHA512
1d15d7929e45c53c1d06663553b17b42385f9cc05b397fb6bdd0a82b01c43b3801b52cfda1817493276e88c480a939b3bf5b70a2c1d407e2213fb64a54b34a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
123bce7eaa920f9e464cfb7ea8aade9a

SHA1
4bdf1f744b85805995afb4099c6bb46078cc21f1

SHA256
3bfb4f8a427572ffe56012391298eabe5468aa0798ec2bc68f3c57872f2c834c

SHA512
2a806098865932301f7382b293a049be951a150de194d21a1277798b9346208d435db88aa2d7f328774d7783811e38201a615c19f452419be6973dc8b22d1218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b2ecce4006b7b499f36c1553ea0ae81

SHA1
13977e5106e34872c5205207d908ddd06ab8113f

SHA256
1697b97a70a47d2fe43164f9f271a3e44a3e28701e8c748c40f62ecfd269a6cb

SHA512
24fbd28bcb463212d6884f1919657dd03e5c4361eae703a668e487c65b2d2e3062eaa6cb20d41ba7f40fc19bad7f0efeba09fb6a431f3580eace4636068ead02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a86be9165f0ae47233bec66da82e0937

SHA1
b9d3465d13f1b24c7f9a6f5d748f49f459dc8736

SHA256
29ee3cfbeead58b4b500418bbc6ea25907f8ccbf958f670779efa3f03e9c7811

SHA512
efc1f54e9a140778dedb44e4cb35ea123c863251ed15422b060c041c9030ce42dcc8a072568aa58fc7256d8070bd2511590252e2c0c4cd795a2e29d0f6dd7fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
755ae98ca3494f1c6839a1c4ac5ed62b

SHA1
07d6d2a0a09c9130a7ede32b4c72b172e3eb9705

SHA256
798a24231db6a3e682c0cddd6abbd69537ee550e424601da6b9a3f0d725ed6b4

SHA512
7531cbdec1e34e19ec08c93a7fc5f900041fcb98217cde3b794a16b1315c72f4079fd782889c0ef372eb29c31535209d5d1f5672b10c5db13cf89b5ebecd5bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f74d00dafc69ea113063cf4259776fdd

SHA1
a687ac0318acf6c5075aefde15e007b7fac0e516

SHA256
8f600c914b0b44aa474ddb1f313eb5b81904922831928fb73e569c938c886460

SHA512
f7dd21798777814dba06bd563c89f705cada2e5b85eb7d83bbed47f095ddce8d158abf4ae77eccb7023e2b7d2cf6e579903a10aab645b219877cfc864bc0ea2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c95d4d23ec9e436b1ba8cf30f2299881

SHA1
8f46305c2e01d127e48ce5cdd0cf02af52abf282

SHA256
15f99cdba3932ba8ed1494ccc8c7ecf6ab1f6cbe1a4e80d696b2b949b794d05b

SHA512
15707da11b7ef9d43d02cce1c1bbb082376e17526b14410c9876c33aa5f6e64752bd78097d714d423410de22525fd7c6216adad42361b4d3b78c0178e8c490d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c623cf052a1de747772c55a59dbfcb1e

SHA1
ee3bc3c5e0d64b6cb37a929959ec29058e7e2e1e

SHA256
031a1c8c15d3a19ccb010bb9b62a978de3da3ff335bc45420bf559ba4c4fd969

SHA512
3981ce624bc3c52f14520e4dd976a172b6298d9b2fa723115fbc178b8a1285fcbb68e4752007b6447b1877c99ec6ba4d1e3c19de1795708b3054595f5d285d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f4e858a0abc2dd68e0e5541c3f675e2

SHA1
5e4a53d963308c887472eed53efeb3e4560b5766

SHA256
e4a3043f6b92690043d1069b2773478e02416438cfdcaee51880bd8232bb7628

SHA512
40cd832a493169edd62b14910cf6951a829b3abee6635bfcd6d46bfaa2a101bd54d8a29528967ca80714c712526b8dd5a4743a2a960f3c0dd8e35b0aed9d461a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f2515a6a03931bed8384705f33a79e9

SHA1
7bd850c3bc962002d3fc14d6d60ce2f8cbb42ee4

SHA256
747578bfc46da7ad1e2988d4b7b8881255e378dd1336bbc35b2b6d27a442c3b0

SHA512
5315f18d045cd515a9a63463009167b7d4cb963a44ddcc7c1997da05e973638637a0eb23cd165d0912f4165faf0440acd9e341ef3157c04bac696265b4794ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d4070e4bdaa1651d83eeac05b75e0e1

SHA1
67a6a2ba35d9118a951d0df6fb63a347b9bc50a7

SHA256
4643760344b49269e1eee62fbc7b3d44d4c7760e617fa38f9c9dfe778e822192

SHA512
a13ca1612c43922f4e9662a98dd713aca654287516c5591ab94e5db8c924290981956818bef3fd6a2bfb73b9d1a1d13270f5623e4c158403a94ac0eb568bd741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f553cf71035df7882fc33d382904905c

SHA1
b48bf5d992ed31987fa864c9d27839e36541188a

SHA256
9a5878fe02ebba331edf18538bacd9127bdf32adb0e7af9c1bad98c9641d7efe

SHA512
d7d0b859f1a586f922848c5d80be7cab39c733377fb7419e1b066017a8309e4ec4bbb3f5de2d23bce22dfb2fdc250060a1e2560a8795ea7b59c0a76046525954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1521d1444853dd487c945753b2fb3aa4

SHA1
f5842927a229f24c65c360229da9f10e516f032d

SHA256
358b3f92811fb794f12e460b133bfa748db235e8a131dc679c83f5af95892b94

SHA512
55607ade2bd91b64a948a63f254efa1227d68861facf3fefcc58334b7bb45926298df0582ff7a7518c762bd3377e0a9d6fa66f0de1dcadf13bbee0cb4d5e2cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a15c8174e8972a66c4867f7d028284a

SHA1
c66e16f41cdb139be52860cefeb0c727c4b793c8

SHA256
fc96ce3059f8cf0d53e006cb03490679c792b99c12fe65faa56f00e9a820c9f1

SHA512
5684ddd13332ce0a2dc70a76078278b01537bd66a82b202ebe90a943432b891fc144dd9f426c1f239908b0fd8d590b1e2b960c5d603d805fbca5fe507b336dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
183a3519dcc98e64afe4d2b51d3d660a

SHA1
908eb49a59f440853594269efb920b6303a0f112

SHA256
225ba4e4b77b17660af1fedbcc959b9a067c195a5f692f11651781e9f104c3fa

SHA512
c207592a0d8f96fb264c333cab178e767e0b17d7d8eddc84e5698429e07e592768de8a9ea3cae4583a623cfbebbcb2288de5b073fb0eb0e1cff805ac754d6d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c4e4cfbc1bd2cd7b7b2adf1029360b3

SHA1
7107a5272173f9f29213b789931700a32c92bfdb

SHA256
a6849b2620a6293d5a84395d8bc90ece529dd476e641bc92f87475c76c9faa0e

SHA512
99651d7e3bc474b8cfc7f46cbb617db34be8be63fdb808f3e9e99058c4ea0cd97607b09b3b72ca235645727759b1c7d3bb1d3bf964df762578e2dc94266b8f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8afc622129a1d4f5da98aa63cc9e7a60

SHA1
5871710e632a4ca801d42434d3d441ff12b09ff4

SHA256
7e0b69c127797351e78e9c3e4974ff52d7d01bba48f3cba451349890569e72da

SHA512
f289f5dc70a5d82098bbc11bd7749b58c7a5999705e63594ec73d6eda3315f448af3e9518c29d735e19fc102dbc3b7644f9f32c7d20da5292f614b12bc60cd4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
055a3733127faed19229dbd71d72057f

SHA1
017c37068d97333f7a8e90af6e93cf473ce46396

SHA256
151dd736cbd0b21273a3ef5e1078d63c1f62e798ac52d528b3d84fff52d730e8

SHA512
c6aadc1f623739f6450612be80a57a10c766ec988c234e1ba5a4e90c1175cf893444295aada8c2cae96c7ce7c423e1b1325b54eef545dd7d0df7ab49608b05cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c0cf837758e8cd505f3c34dda5530ac

SHA1
54958dbce1a12a56e2fb34a553a12c45f2c60c5a

SHA256
f4ac311420613ee921a47114827136ed9472edc5d0879dcddad645109c2ba2ed

SHA512
ed808c252d2dac32bef8f88ec589b5e78a89cdeeba13d1017c22de3c4c41d31e6c5f3e6c24e624365012d6e1f4822a80557308d7b36c3228e8d15379738d3985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b37d2afcf0e293be1576eb8140557d4

SHA1
d5da6f7dad8e4e37f62f7712f91b78cc725fcd62

SHA256
c781f75705a52b26c71885c87fbc7c9e7da49b58138741961ee67d36ec9fe2cf

SHA512
c3bd86dc30439c65f522f831b28d3423032ee52cc16089df84d728bf6f9605b776a51a3255fb0d2b3f7b2880592ec2ee0bd05e095932f7184c74048ce43e0cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5bb60bf3c1651d8d7bc7f1edc850848

SHA1
352a160c9993c4524b6b4777778cb93836e2c2a0

SHA256
6f073895e8ba0c3fe08a378c2430f0bcef898f9bbad873fed2f3bab9b6e5149d

SHA512
824a9a4d19d0aef9ef6b4d1ea764508a15c76c087b58b68c53b1df6264ab6ff0d92592e8e62da82ac2b7b0be97cbe5bb84d2ef4917404c4158472565ef5a84c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8de0f5f4906a24def18cee053fcbf6d

SHA1
104ed47c9c901290a43a9506888be2a0f79243bb

SHA256
3722fb13e0b7ad99c15b199c86887178f9a2c1a65511b4a1ee9892c300366563

SHA512
396fe9c10960ce804f7e8e5a3b770bc2cc7eedf3798587aac861e0d5c1e5da7951252934d4fa63e730d2ee9a1fbafee2747b9963bf3bb8dbe1739b1f795c8aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8eec9220905970ec65b612d4b076625e

SHA1
8a3e5e8ce9666381da45f2c5870475e8fcea5a05

SHA256
f798aa203656b6652b1fa509ba3016fe06632050b2371ab9635e1fb26bc1652c

SHA512
a17aba541f3e601920951f0d1dd3204d23247c12fa97d6bde9dbcfac09a273af8739ee81e2f610160470a765bfae7a9daf9521b31dea8008f5a1c8b8e0473260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f3804de62d2be839e0bff9be24358cb

SHA1
03cd34e764d3951027d15578144b38c0b9ac84ca

SHA256
42035a377eef0c3dd3c81693fdb4b1bbf23bf87be01bcc8ac2d73cd067cf1e29

SHA512
63b19e9389641e8ce17642069655409f5c319a2bea52168b19c132775bf02c69ddaa95a83bc1694fd4c7457479857a7738b78dd58d46f050b2c0ac79139a4b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20223da4d1b7a9af827a812841006112

SHA1
81f326cf09d5fe95b198123764036729ed09e4c7

SHA256
6bb4764ad745fda00799cf9bb60f9cc55cce9fcb7d1e896127c9eccfb7db5bc1

SHA512
0b3e7af2c67f719f94f14fcff7861202fba37e5406667a5a49496a5a991f2db26e1c73997db16c39c1fc59050057da156aa173f86a242dbd0d722f02e8eb1499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e31731f333816b352402a7ab1d260676

SHA1
6859e98e8542547c7699f7c3153ce86a11bb1890

SHA256
4d72a229ab7c6e09a35e5619b01bfef6a331db3a285eec85c4ab487ad5f3d16b

SHA512
32f3fc5df971429fb6603190c741e3c9a362bcccbf9c61216333a850a9230d5e30450734d842b4fa0ef89f11cfd1c50117a2cff70a459cbc985c1675609dafad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47044cf49bc29438096b28e9a6ed8922

SHA1
e2db0891a3ee2cff936c103ca6146109072777be

SHA256
3b1bafe78c3b089ed704260b7b0166fde1f18514cbd5419f1bd4a9f5be79f661

SHA512
8734a3e1b491a2a6e3fe801b31eb04b461564f89cda6d951faefe6dfdc5eff2fb870ff16723f8c7fc8ab49cb5e3be39653cb4d0cf21f0f7e8d36956e14a303fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
516954f711db64305b3b82e2bee1fec5

SHA1
256c9f22228e244ae718f1fdc7a99eb48a2d535b

SHA256
32bbd528563bf18336503acbd75ccccf9094ec820a58f820d663bfc599864d31

SHA512
a55df333192331de9e75f3b91d234c42d316f4fcb702a7b1fa6f00f6f5c6a7fe2bc34de32744119edc45fe97cbdbd3cabd714111be5af0bc97daa69f47bc591c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b1f10db9de26304101c00ea957d03bc

SHA1
a95c0e5bb5f1a9cf21f9aae704b8b0a1f66c2f41

SHA256
5722fa05a6f4fcd74fbb1b91ac7da360112625dd0fb84afc43057a22fcb05a1f

SHA512
703b24ea80710015848b1fae910afb290bf92a6d3527aaff287c1675d7830558752f67d493d473be188422384e5575cd26c0d4f4d3283a6abd1f63dff2cf645d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f20679a6741f76ddf2521af3b4d16c20

SHA1
d0051d0947a28298a94f593445179c76b6a6fa6e

SHA256
f8644d85075d51205fbc0f3045eb35c9f9150440088bde5f5e2dcdda7a127e87

SHA512
11f54ef3315262d1f50f03df02f3ed48efa4b1a4191c7e8c93e1e0a73305aa6235894abc5eef9b49aaf6153af604d0df6a18296640c4fe2ff8fca2bddd2c19a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43c0663d7fefb8119112e989e0c0cdf3

SHA1
1c59dd4fb9c93ba948e95e6ebad8524a3e0999df

SHA256
29934a4d729cd9a150229ccf862499e78ed45e4162d2f29e9b0237b135551aba

SHA512
f36fa7be0f20d8410c570a1bc68f200c022c4d7dc94e8b60b522ec92c8d819437794932e6b14331e9764f1a0d501df5e5dbdc80b851b42d7a7fe8b47c8123776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44a599e21a848afcc38751075eb1b1d4

SHA1
e0ac717816a0393e37083061903329700d98ba61

SHA256
32af0bb448b4bd6ae18d9d534fdd4f161f617aef1ee5cec087763a8215c970c0

SHA512
448235f5cf9746c6bd578ae7af0d7d4adf0131120355d4ad18b865a0cdd586b46601895ec535ebc25f125d4390da9b4caf9f819ec56f573ae81ffe5f28e8bf7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ee3f7ab1927464065b7ee0a3ab00f5e

SHA1
05fc8af0acec134851b7801a66bd1a05ab5974cd

SHA256
f98bd2cab390de8e5042328bc93db05d28cb4fa0fd382924b374a6b1d5de9426

SHA512
17d75a9bb164c8f5e121a2ff13db6fc6364b5a957132c9d527b942fdc8d67994adc2af19fc1bbbec642420f0d2b4db80225829051f30ed0d3de40b0c731b346a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
251613eb55604fabda7ff24e6bdfc7ea

SHA1
3f2b9f4c86689bbdd414d58537f73c3b405d43b0

SHA256
2990191d37b3e2621d61b9de85702195dd66d49f17ec77a8bc8f6d23018d1424

SHA512
67f45e9f9d278fa89cf4ed54c5a645b4d83768c1e365684cd4ed40e7b9870e279a9185493e07b6f2c29b2e314547bc83f00ed271628268b960d7e95f181638ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24edc2a65d5f225bde749b8625fd9e17

SHA1
215e4573fcb384cb88b5eab2a7037f9feb697b0d

SHA256
3f311715d85fac58a18f4245504acf4ef952e4cb13d2edcf45b262a949f8042b

SHA512
d0bcde04137776bc07477cf73f6f1c2ba047051c9e9537080c7ba110d305a29d41b9faf03268eb2d96508872587ada43f03eda0fc67eb1e6a27e589ebd0ed267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
139b115f26a2008282fee892ffb0ff32

SHA1
3e862134212916351c28d1b24758a96b901bc4ae

SHA256
fbfb1cc9e77d0abeda3442ebdb5a7b3ea8b63bc2891efe3344012852db7b31c9

SHA512
f32db4b076a38f8dfb45d86652f816214edc2b18fe5696a95a410fe56e8500301471b0bb96518ae6db1a3dc73cf9d88c974b1265d91d07ffbae6a33cbbf8b2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c693f1bc8266d7479829c391059720ac

SHA1
a6831a36b9f35db30067239275232a43dd7891f4

SHA256
b4ec8fa9c2ccbb96db104dd618e466012c0e0745dab65ac416f5e45c31f75ea7

SHA512
9c98777b3d404b54e8add2c9927a77173610485615b2cdeca122be7d93b57a78369aadc3594d958ec6433a83e6d3544985b6811950d502b40a21f430165101cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b17a491500a7586b99f219b1bffc9e0

SHA1
b1ea4560a63d11f2d0387f48ea1b3508aa8dab28

SHA256
a5d75a8a8f72f164c2cd1761d8f972d1852e891d37f394d7cf4571adbd9be310

SHA512
8f679dd181938e1ffe1dcc1e709f584614b1861f0a09f99b67625ac2e5140a516e25624128ddd61e1117a9555faee9cfa6db4911e88dc69f383bab2e23ab32d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b67757c46e96ce5baf7f13f9dca4d67d

SHA1
842b0ef857418520ee17c803d3f8c5d4a02b87d3

SHA256
c7bee3a3201ff562f746cca6e2cb0c23c3dd765dd42a0cc29458fbc4a058c438

SHA512
2d41118fea73500d1fa9990a96aca911e57ec9990f671f0da4cae2f5045972097359ee44f95f3997553cbeaae13bef391d7954ea338cf5882aa51344cdb9c407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a7d31575-b510-4db1-84a7-2842364fe1f5.tmp

Filesize
9KB

MD5
2b0f29e5428138d060c0fc8fbb530b8d

SHA1
637d3bad5b294ddb429e96f5e46e562dc393d9f2

SHA256
9a3f3afc493ec6708a02ebb140092cc2381d9600c7e84b3d358e53d4f39d1321

SHA512
c2a8c404732e7652485fc16d5300ac7585b55b38b464449888e19f85f574bdbc14c5e7de0ce2c5b86fe2a52ed8947d6bfc79a882fd16102132f40de7336d5d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f69ad074-faf9-42ef-9592-d8d690b2d692.tmp

Filesize
9KB

MD5
ac6ed06f1dcd3b7c94db034150296e3f

SHA1
05acc429c6072ec7e0149061a1c1a9c0b455e3c3

SHA256
a38dd167e181c224ffb20f003ee48c8ad12f28b17d7074cdd547f3d16465f3ad

SHA512
7782d4be90373b5466ca66de3ce8d5d656f52f1e8438dce2851cb28253eb5687941167787107d9dc16477253e3534bbbb20818a85b1d2eb5e8ea56538380dc4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d3a29f521d59edf9deb31f3f79302335

SHA1
4124aa348cccd1ae52ee6ed8a29938f9520bcc9a

SHA256
8f16f5f2e1d49f62336892ce27a19b73f23277c6dd0376fd708ea627675ad13e

SHA512
0d4b3fba2e5790ca848403316d8d13159c87ada1740922ad4ec3ebdeff6cb5ea0783ae13f122636a77948bcd24406bbd34e45fb72de7da3362a92867ad4bdad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e1bf3dd6aec71a82f525b0230df9f490

SHA1
1013a302025d807b2798c20c97c38585f58ec001

SHA256
d221987d3f9e9a1893d2f6618cc5e716026322e261e0528cae867972a19e45fd

SHA512
63fdb6261ec20d3226c33df90b0d67dab7901aef77d6f54f41735f9dd50d7f5e8b577472909107065746dec6dff900c6798eab1daeaeea9c9fe1cfee472409a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
aa69e504dbc6f790639d0da3beef0144

SHA1
18fe628a27789419790a55c05f8e7df2dd97628f

SHA256
601cc4aa7276459d5fd5a1d4eea3506ded80534e10e803535877303cb798a5fa

SHA512
e16f4ed04c74d973c751e9146aa963685b7559d0500e88dcdacb9924bc751ef7663fd3251ff310122031b58f8d320a88f01794211416432a73462bdb94864869

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
536dbe76ef96995f25678c3b7176f907

SHA1
2d42c3a01f8c92b2bb970838d5e0544200c9333d

SHA256
c6f7330d814c0757d45f48dbc2d1c0ca855068ae224522d4926bd65c573171d4

SHA512
0424702b3f13c8b05ecae67e3d9d619f9360ac24f5f50a60e3b87eed2685897c2931b2bb75668c46482e0967e26cf90776a254e14cdac42092770b623f82c6d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\31840d98.dll

Filesize
10KB

MD5
d0b0669374e69be483c04e0bc7c18caf

SHA1
33dd016fe5ba76ae45c1444a6defa1f5afbd0556

SHA256
c9e3daa7fe44f7599826c93286956b10c452ae5344264b2c751efbd5698f32f5

SHA512
13695a52101da7858acbf2bc26e8d711105e0bcc83f9f8787622a134427ace971f93cae4801b2c7e875b5272795b987cdc9bde06e4b59822dda9e8febab6c529

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.Core.dll

Filesize
915KB

MD5
100c32f77e68a2ce962e1a28997567ea

SHA1
a80a1f4019b8d44df6b5833fb0c51b929fa79843

SHA256
c0b9e29b240d8328f2f9a29ca0298ca4d967a926f3174a3442c3730c00d5a926

SHA512
f95530ef439fa5c4e3bc02db249b6a76e9d56849816ead83c9cd9bcd49d3443ccb88651d829165c98a67af40b3ef02b922971114f29c5c735e662ca35c0fb6ed

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
516ff62b2e1f4642caa954c0968719e8

SHA1
e349d0ce82e2109dd0d18416d9cf46e8411b7f15

SHA256
19da58849cec5933860116e60a1e94b08e30d90e0f955768270b47998d612045

SHA512
7aa4a0c87b29c2a84f585a884d8208fc2352a43f2cdb549c100e3b121837ad5f8dadb1101f57d1d3fcb7ebec9d9f22e07dc14239b7d2e2d25793c999becf288b

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
09cba584aa0aae9fc600745567393ef6

SHA1
bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279

SHA256
0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5

SHA512
5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.dll

Filesize
898KB

MD5
1bb24b22d9bd996c038d26b600ed18a8

SHA1
c2629a8a26c9c0969501923f84874838087cca2b

SHA256
944b987a0b677d354e24ee15bba65f73b0f051338f576234a975a49493399873

SHA512
38578e0d1a39ccc9851ff80d3a0f5342a34303229e2898c3ca32dad11017d4277720f54b472c2f1a0b73f47d5ba6352aa7be8ae2ed72b3b25a01dd8292591421

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Wpf.dll

Filesize
114KB

MD5
ceaf0bad83fac8ce71853cd820e4ed9d

SHA1
4eed686fbba7d4603b596fb8e494b8f452a05886

SHA256
eaced1f76adb8ee756033baee29a47b1f4d4b657ebd105a7e25c8dc4fbc48cba

SHA512
4ed3f83e797eade8f0d1c6b80ce49d18f00daaf5d69421a4920e3cea2e7d78c3622193ca65b6ab1dab14c57e7f893a7b1edb27b83f343ea4df731d80aa21ff82

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.dll

Filesize
272KB

MD5
9ca06a8f9e5f7239ca225ab810274023

SHA1
e1a219f567a7b7d3af9386df51b14c76e769c044

SHA256
5fd00ae3e83e6ca156647ff6df87b49ffc7cad47c23fe3ae07c067c5adf6f74a

SHA512
430c9bceed5439b987d5bd4840cfe32411ca61594f18597aca1948aa39a22c9d70beadf3bb9b1dd0373f81a94a25dcba17fa8e8c73abf06cba28d0971d5614c5

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
C:\Users\Admin\AppData\Local\Wave\bin\Background.mp4

Filesize
4.6MB

MD5
9782180eb68f73030fe24ef6a1735932

SHA1
589827fe098ba048c9f871a28db8eae3e3537ff4

SHA256
3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

SHA512
dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_100_percent.pak

Filesize
667KB

MD5
ae195e80859781a20414cf5faa52db06

SHA1
b18ecb5ec141415e3a210880e2b3d37470636485

SHA256
9957802c0792e621f76bbdb1c630fbad519922743b5d193294804164babda552

SHA512
c6fef84615fe20d1760ca496c98629feb4e533556724e9631d4282622748e7601225cf19dfb8351f4b540ae3f83785c1bcea6fe8c246cf70388e527654097c1c

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_200_percent.pak

Filesize
1.0MB

MD5
1abf6bad0c39d59e541f04162e744224

SHA1
db93c38253338a0b85e431bd4194d9e7bddb22c6

SHA256
01cb663a75f18bb2d0d800640a114f153a34bd8a5f2aa0ed7daa9b32967dc29e

SHA512
945d519221d626421094316f13b818766826b3bedddab0165c041540dddadc93136e32784c0562d26a420cb29479d04d2aa317b8d605cd242e5152bf05af197e

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_elf.dll

Filesize
1020KB

MD5
7191d97ce7886a1a93a013e90868db96

SHA1
52dd736cb589dd1def87130893d6b9449a6a36e3

SHA256
32f925f833aa59e3f05322549fc3c326ac6fc604358f4efbf94c59d5c08b8dc6

SHA512
38ebb62c34d466935eabb157197c7c364d4345f22aa3b2641b636196ca1aeaa2152ac75d613ff90817cb94825189612ddd12fb96df29469511a46a7d9620e724

Download Submit
C:\Users\Admin\AppData\Local\Wave\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\AppData\Local\Wave\libEGL.dll

Filesize
359KB

MD5
7dd6b0e4a31d35a0fae5ff425707073c

SHA1
fbd12e9f8e2252c52ce555c2ebbd7f07e62a0140

SHA256
8762d8001fc3ddd90e3129dfea172817e8d09b9936eaae391957de4326c8c906

SHA512
726968df6b83ab5f589276672250d92f532fe2dcea2176e42031a7f1dcecf578b0320cfe2a7d88bb9883ad99387d71c6ebf1e9968272bb5e62850ef09abd2648

Download Submit
C:\Users\Admin\AppData\Local\Wave\libGLESv2.dll

Filesize
6.6MB

MD5
8803db5b167fb5a5f8a8c595c4e4d7c6

SHA1
7fde861151f3bea66c65b6c2487a30728048811a

SHA256
52a58d25a41f4bd31cdb4a0d306217862e04ebf7c1925cc85330054a5523d719

SHA512
2fa9a0eda221982896e41eb387b5e156198615ac1a1fbac0acffd13008919368b41a240df416c1fce2e48c20a14cd7af7cca9fba476ada5e64a0cadde84a44b7

Download Submit
C:\Users\Admin\AppData\Local\Wave\locales\en-US.pak

Filesize
456KB

MD5
4430b1833d56bc8eb1f7dc82bb7f4bc9

SHA1
dc15e6306625f155683326e859d83f846153c547

SHA256
b44ddcfac9df4934007e6c55a3c7f5e7f14c7e5e29f35c81de917fc3b22aabbc

SHA512
faf93bf371b2a88c1b874a5e2c54e4487fd152ad19c2a406a46f55ae75ecd421a779888c2e4c170857b16bfb5d8744bc1815a4732ed50b064b3cbd0c5ffad889

Download Submit
C:\Users\Admin\AppData\Local\Wave\resources.pak

Filesize
8.0MB

MD5
4933d92c99afa246fc59eef010d5c858

SHA1
98d443654e93c73dd317f9f847f71fba3d5b3135

SHA256
62f4674daa15245ee081920b8ee191e72f36ca8fe24f6b986a832f45676915b2

SHA512
a3a69523c8e7310716daeebc06c2ba4fce673eccd1958e824ff179b82f4502d0ec095190179bbb387342e4150f952ea7533182fb6ba90377d17dafba8f4da623

Download Submit
C:\Users\Admin\Desktop\WaveInstaller (6).exe

Filesize
2.3MB

MD5
8ad8b6593c91d7960dad476d6d4af34f

SHA1
0a95f110c8264cde7768a3fd76db5687fda830ea

SHA256
43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

SHA512
09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

Download Submit
C:\Users\Admin\Downloads\Downloads.zip

Filesize
27.3MB

MD5
6b5720550c71bc12f51bf787f0d44644

SHA1
f8729ea9e25579453ac5bbef03a395104d4b88cc

SHA256
23a106e5e6e12f1b1509cf9ea840a447c266ad930758f0bde1350e41f3abe10b

SHA512
135cb4e736751e7af2cf0e3a3f6d0e73d9046a9680ec87a0d03a2e6fc8d366767f2d3a04bbfd565c20f0b0d501455eb6b98ec1829c94c1b7e65d06f489ebf6f4

Download Submit
memory/2608-175-0x000000000BC00000-0x000000000BC96000-memory.dmp

Filesize
600KB

Download
memory/2608-135-0x000000000A150000-0x000000000A15E000-memory.dmp

Filesize
56KB

Download
memory/2608-134-0x000000000A190000-0x000000000A1C8000-memory.dmp

Filesize
224KB

Download
memory/2608-176-0x0000000006880000-0x00000000068A6000-memory.dmp

Filesize
152KB

Download
memory/2608-115-0x0000000005670000-0x0000000005678000-memory.dmp

Filesize
32KB

Download
memory/2608-114-0x0000000005560000-0x0000000005568000-memory.dmp

Filesize
32KB

Download
memory/2608-113-0x0000000005790000-0x0000000005812000-memory.dmp

Filesize
520KB

Download
memory/2608-112-0x00000000056E0000-0x0000000005792000-memory.dmp

Filesize
712KB

Download
memory/2608-111-0x00000000009B0000-0x0000000000BFA000-memory.dmp

Filesize
2.3MB

Download
memory/2608-177-0x00000000067B0000-0x00000000067B8000-memory.dmp

Filesize
32KB

Download
memory/2608-179-0x000000000BF60000-0x000000000BFD2000-memory.dmp

Filesize
456KB

Download
memory/2608-180-0x000000000B310000-0x000000000B31A000-memory.dmp

Filesize
40KB

Download
memory/2608-181-0x000000000B320000-0x000000000B32A000-memory.dmp

Filesize
40KB

Download
memory/4436-587-0x0000000005760000-0x000000000584A000-memory.dmp

Filesize
936KB

Download
memory/4436-583-0x0000000000FC0000-0x0000000000FC8000-memory.dmp

Filesize
32KB

Download
memory/4928-516-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-518-0x0000000012000000-0x0000000012186000-memory.dmp

Filesize
1.5MB

Download
memory/4928-529-0x0000000011C20000-0x0000000011C30000-memory.dmp

Filesize
64KB

Download
memory/4928-453-0x0000000000760000-0x0000000000F62000-memory.dmp

Filesize
8.0MB

Download
memory/4928-454-0x00000000059A0000-0x0000000005A40000-memory.dmp

Filesize
640KB

Download
memory/4928-459-0x000000000A1A0000-0x000000000A252000-memory.dmp

Filesize
712KB

Download
memory/4928-465-0x000000000B380000-0x000000000B3A2000-memory.dmp

Filesize
136KB

Download
memory/4928-528-0x0000000010EB0000-0x0000000010EC0000-memory.dmp

Filesize
64KB

Download
memory/4928-466-0x000000000BC50000-0x000000000BFA4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-498-0x0000000005F80000-0x0000000005FB8000-memory.dmp

Filesize
224KB

Download
memory/4928-499-0x000000000DAD0000-0x000000000DFFC000-memory.dmp

Filesize
5.2MB

Download
memory/4928-500-0x000000000ADE0000-0x000000000AE1E000-memory.dmp

Filesize
248KB

Download
memory/4928-501-0x000000000B900000-0x000000000B966000-memory.dmp

Filesize
408KB

Download
memory/4928-502-0x000000000B670000-0x000000000B678000-memory.dmp

Filesize
32KB

Download
memory/4928-517-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-515-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-514-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-523-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-519-0x0000000010EB0000-0x0000000010EC0000-memory.dmp

Filesize
64KB

Download
memory/4928-558-0x0000000012D90000-0x0000000012E76000-memory.dmp

Filesize
920KB

Download
memory/4928-562-0x000000000B500000-0x000000000B65B000-memory.dmp

Filesize
1.4MB

Download
memory/4928-520-0x0000000011C20000-0x0000000011C30000-memory.dmp

Filesize
64KB

Download
memory/4928-521-0x0000000011C20000-0x0000000011C30000-memory.dmp

Filesize
64KB

Download
memory/4928-554-0x0000000008F90000-0x0000000008FDA000-memory.dmp

Filesize
296KB

Download
memory/4928-550-0x0000000008F10000-0x0000000008F34000-memory.dmp

Filesize
144KB

Download
memory/4928-534-0x0000000011C20000-0x0000000011C30000-memory.dmp

Filesize
64KB

Download
memory/4928-533-0x0000000011C20000-0x0000000011C30000-memory.dmp

Filesize
64KB

Download
memory/4928-522-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-524-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-525-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-530-0x0000000011C20000-0x0000000011C30000-memory.dmp

Filesize
64KB

Download
memory/4928-527-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-526-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-531-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/4928-532-0x0000000006130000-0x0000000006140000-memory.dmp

Filesize
64KB

Download
memory/5112-445-0x0000000009920000-0x0000000009936000-memory.dmp

Filesize
88KB

Download
memory/5112-447-0x00000000099A0000-0x00000000099BE000-memory.dmp

Filesize
120KB

Download
memory/5112-442-0x0000000000490000-0x0000000000582000-memory.dmp

Filesize
968KB

Download
memory/5112-444-0x0000000008BF0000-0x0000000008CF4000-memory.dmp

Filesize
1.0MB

Download
memory/5112-446-0x0000000009960000-0x000000000996A000-memory.dmp

Filesize
40KB

Download
memory/5284-648-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-888-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-620-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-619-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-703-0x0000000004750000-0x000000000477D000-memory.dmp

Filesize
180KB

Download
memory/5284-621-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-618-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-647-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-678-0x0000000000EE0000-0x0000000000EE8000-memory.dmp

Filesize
32KB

Download
memory/5284-669-0x0000000004070000-0x0000000004081000-memory.dmp

Filesize
68KB

Download
memory/5284-672-0x0000000004070000-0x0000000004081000-memory.dmp

Filesize
68KB

Download
memory/5284-625-0x0000000180000000-0x00000001806A7000-memory.dmp

Filesize
6.7MB

Download
memory/5284-685-0x00000000042B0000-0x00000000042C6000-memory.dmp

Filesize
88KB

Download
memory/5284-679-0x0000000000EE0000-0x0000000000EE8000-memory.dmp

Filesize
32KB

Download
memory/5284-686-0x00000000042B0000-0x00000000042C6000-memory.dmp

Filesize
88KB

Download
memory/5284-694-0x0000000004290000-0x0000000004299000-memory.dmp

Filesize
36KB

Download
memory/5284-622-0x0000000180000000-0x00000001806A7000-memory.dmp

Filesize
6.7MB

Download
memory/5284-609-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-693-0x0000000004290000-0x0000000004299000-memory.dmp

Filesize
36KB

Download
memory/5284-798-0x0000000140000000-0x0000000144B43000-memory.dmp

Filesize
75.3MB

Download
memory/5284-700-0x0000000004750000-0x000000000477D000-memory.dmp

Filesize
180KB

Download