43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

Resubmissions

10/08/2024, 09:25

240810-ldyb3atfjp 3

10/08/2024, 09:22

10/08/2024, 09:18

10/08/2024, 09:01

10/08/2024, 08:57

10/08/2024, 08:42

Analysis

max time kernel
397s
max time network
383s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

2.3MB
MD5

8ad8b6593c91d7960dad476d6d4af34f
SHA1

0a95f110c8264cde7768a3fd76db5687fda830ea
SHA256

43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab
SHA512

09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686
SSDEEP

49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
4120	WaveBootstrapper.exe
4068	WaveWindows.exe
540	node.exe
1144	Bloxstrap.exe
388	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
4596	wave-luau.exe
3452	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 64 IoCs

pid	Process
4120	WaveBootstrapper.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
4376	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe

Checks for any installed AV software in registry 1 TTPs 30 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\FirstHash	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\ContinueOnStartUp	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\InlayHints	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\TopMost	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\RedirectCompilerError	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\RedirectCompilerError = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\UsePerformanceMode	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\Session	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\SecondHash	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\RefreshRate	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\SendCurrentDocument	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\ContinueOnStartUp = "0"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\FirstHash = "\"30af26a250a07aad89066b8b835ab575-2\""	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\UsePerformanceMode = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\Minimap	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\InlayHints = "1"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\LastUsername = "[email protected]"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\LastUsername = "[email protected]"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\TopMost = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\RefreshRate = "60"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\FontSize	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\LastUsername	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\Session = "Bearer d7ea53af-c62b-4134-b1a9-960f23466440"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\FontSize = "14"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\Minimap = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\SendCurrentDocument = "1"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab\SecondHash = "\"d904671e8595ebfe64a0add550fc0522-2\""	WaveWindows.exe
Key opened	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\KasperskyLab	WaveWindows.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	WaveWindows.exe
File opened (read-only)	\??\M:	WaveWindows.exe
File opened (read-only)	\??\P:	WaveWindows.exe
File opened (read-only)	\??\R:	WaveWindows.exe
File opened (read-only)	\??\S:	WaveWindows.exe
File opened (read-only)	\??\U:	WaveWindows.exe
File opened (read-only)	\??\B:	WaveWindows.exe
File opened (read-only)	\??\E:	WaveWindows.exe
File opened (read-only)	\??\H:	WaveWindows.exe
File opened (read-only)	\??\O:	WaveWindows.exe
File opened (read-only)	\??\T:	WaveWindows.exe
File opened (read-only)	\??\W:	WaveWindows.exe
File opened (read-only)	\??\Y:	WaveWindows.exe
File opened (read-only)	\??\Z:	WaveWindows.exe
File opened (read-only)	\??\I:	WaveWindows.exe
File opened (read-only)	\??\J:	WaveWindows.exe
File opened (read-only)	\??\L:	WaveWindows.exe
File opened (read-only)	\??\Q:	WaveWindows.exe
File opened (read-only)	\??\V:	WaveWindows.exe
File opened (read-only)	\??\X:	WaveWindows.exe
File opened (read-only)	\??\A:	WaveWindows.exe
File opened (read-only)	\??\K:	WaveWindows.exe
File opened (read-only)	\??\N:	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
32	raw.githubusercontent.com
33	raw.githubusercontent.com
34	raw.githubusercontent.com
35	raw.githubusercontent.com
1	raw.githubusercontent.com

Network Service Discovery 1 TTPs 7 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
4376	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\_platform_specific\win_x86\widevinecdm.dll.sig	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\_platform_specific\win_x86\widevinecdm.dll	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\LICENSE	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\manifest.json	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\_metadata\verified_contents.json	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\manifest.fingerprint	WaveWindows.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677543668670817"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{A4A0D0FA-50A8-4F38-AC67-8B7C3C233D91}	WaveWindows.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4068	WaveWindows.exe
4068	WaveWindows.exe
388	CefSharp.BrowserSubprocess.exe
388	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
2288	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
3536	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
4376	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
4068	WaveWindows.exe
4068	WaveWindows.exe
3452	CefSharp.BrowserSubprocess.exe
3452	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
4544	CefSharp.BrowserSubprocess.exe
3580	chrome.exe
3580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2400	WaveInstaller.exe
Token: SeDebugPrivilege	4120	WaveBootstrapper.exe
Token: SeDebugPrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: 33	1612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1612	AUDIODG.EXE
Token: 33	4068	WaveWindows.exe
Token: SeIncBasePriorityPrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeDebugPrivilege	388	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	2288	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	3536	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeDebugPrivilege	4376	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe
Token: SeDebugPrivilege	1524	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	4068	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4068	WaveWindows.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1400	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 4120	2400	WaveInstaller.exe	90
PID 2400 wrote to memory of 4120	2400	WaveInstaller.exe	90
PID 2400 wrote to memory of 4120	2400	WaveInstaller.exe	90
PID 4120 wrote to memory of 4068	4120	WaveBootstrapper.exe	91
PID 4120 wrote to memory of 4068	4120	WaveBootstrapper.exe	91
PID 4120 wrote to memory of 4068	4120	WaveBootstrapper.exe	91
PID 4068 wrote to memory of 540	4068	WaveWindows.exe	92
PID 4068 wrote to memory of 540	4068	WaveWindows.exe	92
PID 4068 wrote to memory of 1144	4068	WaveWindows.exe	94
PID 4068 wrote to memory of 1144	4068	WaveWindows.exe	94
PID 4068 wrote to memory of 388	4068	WaveWindows.exe	98
PID 4068 wrote to memory of 388	4068	WaveWindows.exe	98
PID 4068 wrote to memory of 388	4068	WaveWindows.exe	98
PID 4068 wrote to memory of 4376	4068	WaveWindows.exe	99
PID 4068 wrote to memory of 4376	4068	WaveWindows.exe	99
PID 4068 wrote to memory of 4376	4068	WaveWindows.exe	99
PID 4068 wrote to memory of 2288	4068	WaveWindows.exe	100
PID 4068 wrote to memory of 2288	4068	WaveWindows.exe	100
PID 4068 wrote to memory of 2288	4068	WaveWindows.exe	100
PID 4068 wrote to memory of 1524	4068	WaveWindows.exe	101
PID 4068 wrote to memory of 1524	4068	WaveWindows.exe	101
PID 4068 wrote to memory of 1524	4068	WaveWindows.exe	101
PID 4068 wrote to memory of 3536	4068	WaveWindows.exe	102
PID 4068 wrote to memory of 3536	4068	WaveWindows.exe	102
PID 4068 wrote to memory of 3536	4068	WaveWindows.exe	102
PID 540 wrote to memory of 4596	540	node.exe	103
PID 540 wrote to memory of 4596	540	node.exe	103
PID 4068 wrote to memory of 3452	4068	WaveWindows.exe	112
PID 4068 wrote to memory of 3452	4068	WaveWindows.exe	112
PID 4068 wrote to memory of 3452	4068	WaveWindows.exe	112
PID 4068 wrote to memory of 4544	4068	WaveWindows.exe	113
PID 4068 wrote to memory of 4544	4068	WaveWindows.exe	113
PID 4068 wrote to memory of 4544	4068	WaveWindows.exe	113
PID 3580 wrote to memory of 3488	3580	chrome.exe	117
PID 3580 wrote to memory of 3488	3580	chrome.exe	117
PID 4528 wrote to memory of 4088	4528	chrome.exe	119
PID 4528 wrote to memory of 4088	4528	chrome.exe	119
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120
PID 3580 wrote to memory of 2440	3580	chrome.exe	120

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Enumerates connected drives
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4068
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4068
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:540
    - - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
        5⤵
        Executes dropped EXE
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Executes dropped EXE
      PID:1144
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6068,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6072 --mojo-platform-channel-handle=6048 /prefetch:2 --host-process-id=4068
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:388
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=6452,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6456 --mojo-platform-channel-handle=6448 /prefetch:8 --host-process-id=4068
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4376
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=6512,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6516 --mojo-platform-channel-handle=6508 /prefetch:3 --host-process-id=4068
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2288
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=7100,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7104 --mojo-platform-channel-handle=7096 --host-process-id=4068 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1524
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=7120,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7128 --mojo-platform-channel-handle=7112 --host-process-id=4068 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3536
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=3116,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=5836 --mojo-platform-channel-handle=4788 /prefetch:8 --host-process-id=4068
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3452
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3424,i,2353832658526397847,10686095315367551441,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=3428 --mojo-platform-channel-handle=6232 /prefetch:8 --host-process-id=4068
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4544

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbdaa9cc40,0x7ffbdaa9cc4c,0x7ffbdaa9cc58
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1660,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4292 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4292 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5060,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4712,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4524,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4772,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5168,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4944,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5640 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6012,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4664,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6400,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6632,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6656,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6784,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6624,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7060,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5288,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7528,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7520 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3760,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7652 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7828,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7796 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7936,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8088,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7944 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8252,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6536,i,3451762109734054112,13129420279748840816,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6604 /prefetch:2
  2⤵
  PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdaa9cc40,0x7ffbdaa9cc4c,0x7ffbdaa9cc58
  2⤵
  PID:4088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
d7e605ad31f860299faac9715efe3571

SHA1
337c9b81c45564dcbf6dfd7fa5501d8bed24212e

SHA256
70677c72c2326ae66b8fe70068f5efbc13712b7b95c26639126787bbd38fc0ea

SHA512
ad622c2610934fcf3a0441e83eb98e73982fcb15cca1028ec37b24854aa08e24c02f6ca0489b6d792f40b52e02c38b101b143de2166032277d63ba9779c3e979

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
850B

MD5
ed9f82befac09d365d5d16acbe2fcf97

SHA1
5e21f122d0a62b3ec148a0867e55a4983fc7ce37

SHA256
9d66e2d92564ad84d2674ee1a401d81cd23d68846f4aec213699d7476e2338a0

SHA512
01611fdaa64f35c6b403791b369e6d67cd001ba03a1106d22b7ebe0e6595294844be33fab0e206d1bb386581b0e938441aaadf9a78c250e9fa09e10e0274faef

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe5aa615.TMP

Filesize
529B

MD5
57cf64dbe4ed6986cd8005a2bbddac20

SHA1
c76d52aba9ead6820af435d0e8a5e3abefe9f4e5

SHA256
90f721c3b9701b3f0b5f61e141b8df8c78cffa0ddb7b580f4e812458fcb7c52b

SHA512
0e7bcdb81c0de61040d61d447f169824d7ae286725c10530b5984ab4605fa89a0ac4ade2c9669d5c4ef09cdca6ab87c88cbc828e7f0f3924a53654b1c9053242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8c70a081513b9b6b57176170ad4631f2

SHA1
1fef79c42e99fcdb28e4032cc189ae07a043bf23

SHA256
da3d4c9598cc59f71715904a8aae6fe3caf08f8e6230e086e6a63d7c44036c85

SHA512
14a64ad5052b86ec163da43beb47044818da8742db259eccbdb2b98f9bdd211717bd73367dba1f5c229f6470c67d3af191ebbd63767d045a3eca446a7a25a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fc3979e374c7b35154fe76487572942b

SHA1
5dd5d4dd4a44d1b02d1407f3efb6578c8ec1583a

SHA256
8c849e7237f689e68aaa50b881e159751024dda149caa131d0b953aef2c4153b

SHA512
703f5ead7cc40b0f74c3014cfa43a230f20d470942dd0d7e73e49436bfeb84b34ca342aebcb1d7d7c33ef38986ed01466dfbf0889e277a204c41ce748d37da8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8d669e34b846b053c44c0f042ec1fe3e

SHA1
672a276863e7dca06e6cd3876b49fb74cf81a722

SHA256
919461102369ccc32aa91fb7688a3404f66f78b2390d6e7df303c93d7a62e214

SHA512
0ac38445f0f44f3d30741653f988016b2075d0dc0a86da61ef9d630dad93af2ea464cba51f843d5c6af883f7de1eb00b3c281545065a99f3973d610962adfa22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
189KB

MD5
1221a812e4c70d38d0283584586c2add

SHA1
482c85a81897f931d12aaa243faac1af4843f273

SHA256
1d52c98af7b40a4d6f209501cdd68263164db4d9dfa6c973983a361aff4e9e1a

SHA512
07a057e116695dc6253b42789220c37bf8e8f93a9b362140fc08bdd9cbfb5ae2432129b8edd32c221eca42ee68b3906cb7b75fc7fca2a1299ae50379396fa9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2c67b875-be0f-45c2-ab1a-bac4749d5e19.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2093a7fa57d84883985d535692708247

SHA1
fb8b694e92f0663493924567294c40b47639c394

SHA256
9e64cccefbd1f3b7b5ce1929a4864af099f9f3b5038fe6941edf7371fff1fd34

SHA512
cf9c68df4c126336194ae0da47d1169009e48dca9d5fea9f4d8af588bbf146152df61d0597b63b2ae8cd95cb7b1b1bd57403f259bc010fe513ad4a15714656f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c56802fbd4827e7fbbdaa83d68ea1f61

SHA1
c94669a2abea7e4d4aba9bb94f5274e6b9d6a461

SHA256
73c77bcb03a46d94dffd7ff3b7f8a3f157c9c1b5c7c9bf72532b16c037893df7

SHA512
4f10ab4702f0858467ea7b3977f70a622260b5c65d11477434d7374e918c7c7838971227608f4e87b75830a2ab2ea44a0494921f820df6d994425516ab0e348f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
a0f7c057831efc3de77c20cb1735c80d

SHA1
d73a09085fd10217aa4a671964722d8c07b4de03

SHA256
e06bd5fcea7f4630e02d6e6fb246a4e078619ebab8b0b040ce4ec07dba508e93

SHA512
572bebfeab952fa6821f3da392bae52b16ff551ebecacaeab287185c5002b0d92fb5a42215c837e5d53fe680686f2826adf7190fa94a92f53456e564fbb51c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
dff2e8c06534a98401cf6872b5262589

SHA1
cb87acf69868e91771aceaf9564e2f413e11719a

SHA256
fd9179e4caf98a6777e274a356a4f5eb4d979c2c8748d4b3692ecc764c18c37d

SHA512
06414df8d8109a9df60b325e251a3229d3f3855b893353f2eef29fdb6bd191de611e6db99bf61a9743606f443c257478920f46dc7558bdd6c9d53cec84e34501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db3f326496f91693153a7d324a8969b4

SHA1
91a00b2e47f510caf6ecd89f9e0e35bfd8e8499a

SHA256
c2bf08e78e0e31281991eb89f6da3bc9f07d2fde3827de64388474d5a59d50b5

SHA512
4611eeefdddb0e93b669348b2670b8f71fceb0fcc6aff4f32e1829d28aef709e7b97c4af32f8eeddc21f9a65dc33094496cd2e56ce19681360b0709299a5052f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e3850ee13fd401527461a26316cc071

SHA1
c8a986010c763f21add1dde5be11286ba934c529

SHA256
58316d13ec47a665cabbc69d5471049375139f990e668bb7293147071d7330fb

SHA512
74aaec025640cda038a86b1c210536bcdeddb7ea1ccbf471c9d3ade2fd0307bbce61c487f0c54cd528385467dab33df91e990378102c5687f51066cb80677c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be76541d20024e86324e2b54b3051b63

SHA1
7903c6f48d32412448f112804984ee59328a1e23

SHA256
54af73ffff97f032b4775f2b77b240fe77f54242e2c37036997cd405a9d2b20b

SHA512
ed3676a27d3f7bc8acf9848dedacefb7c3c621a6d435323643e355b335a09647ec9da7828a749f3e99ac8490ee7370429ca35e912fb1d39b675ac4e36748a020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4011a575dc104881e6cf8cb70255ada

SHA1
87622c2001bfb305f02cac57e35635ac8b778c81

SHA256
342cf55bec5d06d399522ba34fa351604cb8e6b332aac74abfa254e6a79d0656

SHA512
273063673b5d1f2da57ea4a7f0df553a0b034ed0811cfa6d8d64085fbcd77e3079d31b7b218d1d23a103278ea7a13d00a4f1e04c1d3fb4a6db70fe098e8920f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9ef665b77e792b745fa3df4ebaa03d86

SHA1
ad9266db7905a36ccc8ac38ba2d567138c086eb5

SHA256
e1ff520a87b9c11fe0a21de178a3cdc1fa30a1277f9e738b06b133457c58064d

SHA512
668b4d6dfbe1c29beb9ba82ab3369a1779e890ec3d34521ab3f2001717e902c9615c29eeeed8efe286a0309406740a4ac6455a12c9387645e27def6dcb319bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17cc8bc310ea7efaabfc2a11a644e049

SHA1
4de4657a0236e6c889801dc046603340e8c95f10

SHA256
c206d27aea165bc13cc164bf4bd10d161bb893396c649043664b857391bde6f3

SHA512
84e1fd54d3b083004b2bb7856be686ff7462ae6738132a76939a829c1693a1dc23cd5449d38667b7e59f45851136f5429a83ad6af14022d8656917744c47e9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2e415315d6e05caab0f30c0308d1a8f

SHA1
7fb36a73998c283c20cf6e10fac551f91074582d

SHA256
5a31df7c3e425134dc626d1df7449f20ad19cf3d6d61632c572e77b235a5d6df

SHA512
3c0655c2acebcd038eddb9569e3197404eea43fd3ba9c91ce448441b52b27699f428747837254ae94e4ce645ec46ed48b80c433bfad50e7fac01cdbf24dbea57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc7d161bfc02f11008f87e071e833a60

SHA1
e8537196d358ec98531778e3b3eb82a9ad1290ff

SHA256
b8cce8e43d0049ed043facfe4420756b24d6c6f9e2c4c85e0e295b292736e1fe

SHA512
6549d40a0ca5687c1b07b6087f70626f792695ab9236d0090025b5e94526d6796245254b1e05d7322286ac9511a1b48e0cfdbf2c61235accfba8e05608ca6fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
99dc218b77bffef260297dbd82bd79d0

SHA1
7a671a12f0fe4bce21b1e9a1f5bbc75d89f12c31

SHA256
3e8b769c1ae81d7326e9183b01361e376f86166fb732b015ae33a52df5abc945

SHA512
3eb0feeb3dc1c8358a076866b6fa110eaed6d3c10f0b0afc4c63cd68614f2968e497c54905502b677e822f77c0963c3d0f8c30f2e25b9313bcaa12bfb17cff65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
f7500d304e28673847fbf97038b2bfe8

SHA1
0107b02869d300b02262227af6e6c5250ed331b3

SHA256
95aeb0885337322b77d0827f68009b0d54dc04b1e9c2b1eabb8568607429a65f

SHA512
7c7938ad590728297bfec2a454dc6a94193e7005eca7c8d06141562f399fed545c183ad84f6a9b25612bf452718776e923c9ece62495b1c12cc5ee3b7202c3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
14b0e37414bf79415dd25ffb29682826

SHA1
36f5fd011cddb72e10b777c3a3e5cf71132e2fe3

SHA256
3ec165cff754b37bfb794eac72237b641e721173ed3ac8a0d8350c4687d7440e

SHA512
b680088839511653d52a025ed5b000ff2ee1685556e5d498c981ab6cb5d9c7092ba96b8e14851019ff6dbb50bbdbd690c32d1c6a1b4162bba2acf05b4b57aefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
1cb3edd8e9b028ef107bb6400b186dbe

SHA1
76872b3e8cb29c08d1dbd899f6c44a76955dade4

SHA256
267e61b41e65f3249803cebaa16fe4a8f326946d2a7fa1d7ea9571a75b638073

SHA512
3820f9e4a5e31e520227b9dae8f2e947dcc296a038a50085fd760327070ac41e5c696cea4e5ddea2b591da8c41b980f2691044875ef0779a4a9b2f01a70b3fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
adb8ef044ac4305d28913004a031c820

SHA1
bfaf31fef943ec14f80c1cca6b6ee0a17bc15f6a

SHA256
3d87cdb03385c638b9ecfe807f9b24a7a1d9fec75f51341857cdafcbfd9cce4d

SHA512
44ad11b29e57dcabe9fbc718a8932df222948488aa87241bbc4f9a682ba38ae8703227e6d1ffb21aa49b4255ff5ab1f217d0e24b38876598af4f3042f4a54ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
34e9ed5903839e61d9daa7f87d2914d5

SHA1
0a31c471919353ebef1b72fcf91bf719c0b5afd2

SHA256
757505c798c3330d50c2c4707fc20d588d02aebf2b0577566013df641cc14070

SHA512
eca055cb4b441e140458d6351b290da9494c8fe4a466a5984b73e41ab5891c78d3c5c4a1c62189638e526bd866746bf97854086abc168ba11f214fcd87c4e80a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
cced2c52595f798cb0b496ae64babc72

SHA1
880d0290d8a2ae51b9e1d79611049412511d8d67

SHA256
ed958343426b73c8e9c1a2ea12c045c07c132c93271eda47c70aed629841ab0f

SHA512
bd951b9f0bbeadb94aead88fac61f6ced0e09c054543c5157b66ea91be7d75f9798b817f6e756e28b00f71d29b14c4d0a1623a70bbb1a821b302f2a3a24e0c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
851e29a989221d9a42d4dbbde2e9f9f3

SHA1
d6c24337a35181166575b904a470cf3f415f4f6c

SHA256
bba539b47c1c0cda04b04834d808d3d14df1ab62b2dccd3f1749a4cacb9f1bf5

SHA512
8529f5b09c82d769c0b86fcc75f2380ecbb871135406fa576c6a9c24f97a261b5a12b448bfc87a500013be8cb5d09639425fc29fe144036a3542ddaf68a68a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

Filesize
885B

MD5
981c152f72f4d59f1ffc5733e2b9da3a

SHA1
30ae65db08b4475e654b21413b1984dc19044f8d

SHA256
62943c66296c7c6db39a5cc8e9582bdf3bb9eb1e69034d8fcb205a73537329b1

SHA512
7875fb8ce2e8908370bd0804a34e1ba4837d0a40e896c1a8368f4e061b0d5487254986557458721a7294258c44b786629e76df65162d71dc3e5ffbc4a47216f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State~RFe5d9230.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1a1734e745629a1f8190425c4d1dad5c

SHA1
6fe578e11f6134a61e4888274262af640a552ef0

SHA256
802ea5c214950d595337882d0b37c3199dec87a51000d0bc815b2c4881143b5b

SHA512
2c32ccfac7ed009f9315300fc84023a937e44d20d7b90ec5e9e8ac7f90c444fe782534831534021744ca0f7e0debd833ab2c6c403530a76c036f02926358571d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d9194.TMP

Filesize
72B

MD5
8a84ea01e94c7ec5ba1715bae6be51fd

SHA1
644a2ca20487da49c829d886ad25c9d6e4b39a42

SHA256
c77efd68643c2579e876ac9641c7fb19f2e334c78a6a4f2dc8806572b079ee4d

SHA512
175a630fca2af833c991ca40411f0e54db3036db8960546f548c58371ecad58d9578d87cf8e0d0f5e385f81dc4d0fb81989830618fd58f10cd75265cc6fc7a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
1KB

MD5
44188def4e01c25516ca590c90499b2f

SHA1
0a9258ac71dbd02eb2e5a592365c9e8a3744d3c7

SHA256
be3a2fe70a27da2e9836e8b96a0dcfdd980702f69124f984f82de2b8699fe977

SHA512
f202686756dd603d4d98b36421e2613003279601328aae2214ffa3226a6a7c6102703808877818a989f2927677210dbb7bfa49ccd870771b399abdfa2431dca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png

Filesize
2KB

MD5
b87bfabaff9e7370835ea8790c87409b

SHA1
d9641aa79839fa5067ee9054cd61e0eecccfc7ec

SHA256
d67823095d8a91a0d4638ba75216c2f4b467f4fca5a56c4e45e88091b17dfdc5

SHA512
d8e3e59056076919afc7b5640d4f5964abbaac8537bb547da68f7a91c314a72615059024fa6e517134da81a38d4701138f50e37bf99a37ac3353ca5d92ed162e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png

Filesize
3KB

MD5
72af0c1352184e984612088a6df54e53

SHA1
12faf6f7b28cc2d4be9d639a770e54d895d6fe58

SHA256
e036bcb9f333d3d7e12492247e02fc6d599e12c42cc008fcbbac37def93ca0da

SHA512
8dfed220c6391592aa1bc06000548f1f18ce1e6b47b6e3b47f11185cb0d0c48f961c82c6abb598ee1dcde7ed87c59026cd282ee56f5e0dd1f48ec89a207f4623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png

Filesize
1024B

MD5
ca6289a7d8f9ecc17f8de717faf1af27

SHA1
4ccf3c6a9291f0a8a3090c22aca6f1872c860073

SHA256
3d7283090cf1a87baae4032266e4d144f7ec2ea465e7b2bf02728aa394c678f0

SHA512
100fb108d3eb74eea016af82a5a6758f22173b3d9a60c5237e9a570aa14549397b224d9d4234661855ffec47930a33536d05c0eb56ac61c551184fa89b18697c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\48.png

Filesize
1KB

MD5
06c47df56a44e6ec6ed68a0c1b13fcf1

SHA1
d081069ab4c69925e2c5a8e7bb9a683f620dadb2

SHA256
6e21221baad8ccd2b71542f9d3194dc5868c0f424fea640cd4915fbdb32f4804

SHA512
e23731119c43850604eaa83c7fc17cff43681890ba3e144cc0b97cc8b33dc3f90a5370c7ae599c5469e33fcffed6492308451a0f3699bca51df665a70329a569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\64.png

Filesize
1KB

MD5
fa9b6bd6c167dc772018d4105b7f3afd

SHA1
5a8b1a8bec14f864d559667c79683735508a8036

SHA256
2a8f1a1cfac4fbe96a6cb69e9e621201875cc45b2e60bc75b08ea193c759e346

SHA512
db8b36ed049e357346a6c249dacf54a78bf7395ab8a3c8f8d2aa8d575193f59959cddfc7e1ec18b32a029aa1cfd42ffe30149d74de56d88baa0583a6c00d9a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png

Filesize
1KB

MD5
cfd1c4fa219ea739c219d4fb8c9ccf8d

SHA1
1bd9c4a0c08a594966efe48802af8cdd46aa724c

SHA256
36670568a87c7b3cd1a4448ffe5bde9b6fd3d65b58e6dca38cc4ea2e9e8c11b3

SHA512
59918179057447aa18668abbdaacd11ee3f5e83c25a93f916a050a559ea1457d6ab61abd3db9def22b5214a1767911e9cf9fa8e638852032cca3696424c6a903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png

Filesize
2KB

MD5
f484337ddad3b425b5788e5ce7082bc8

SHA1
79c7e4c0202a06ef3a287cc76ea498fcf26009c2

SHA256
fa58e3209e408e4f0d60a7ed330d6f62884ccf9b593e37cde03e7916c116dd1f

SHA512
518a8e3d53fe86dc714a59cc70f8f0c44396d7569d25837c1cfe6212a10204080e0c4d19c43729f1815093af9f075693decbb9496700a2f00bd57dd3ed0b0a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png

Filesize
2KB

MD5
9ca95e4d4941acee74cd1bef23eaba35

SHA1
1717e5136bf97a89b5dca5178f4d4d320b21fb48

SHA256
80c1e2f4d89d5266f82dc0295f232eda894812820c5c625a036adf980536e5a8

SHA512
9fb11e36e626b0d9eb43548ba0e90cda27e70d027361c52437f01287e94f07d07da01a385ee2466963e305516f56e37020644ce03d1132322d7e796440c633b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png

Filesize
890B

MD5
e21251a768b30062a5cd8e0b01e512bc

SHA1
3fc0c1af7c6783f743021a145016023ee73a69bf

SHA256
280a7fc31d9ba2169f4d0801c7c52bb970061c17c7b4a7959a07e8313c055df0

SHA512
f6104bcce1f2613b5f6baacd354fa6dfe448273b79e5579c7c93ab703e953e49711459bd6ef3d10ee449d9d69c4bf6bca62ac9d6e864670f4503a618425f389a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\48.png

Filesize
1KB

MD5
67e185e7131868c3af81ee10251a3205

SHA1
3f52bcd8f6dd96a2613d4e0023a6ca87f54d2bde

SHA256
fe6cef43018dd0cf284366ab4c5bc75039274374a3654b58197bfe5ebb3dcc46

SHA512
d155a9e9ad4c0e85c97bc3ec8432213b3637cece3dafa8338662055c0c593e3ce10405b5adccfc92ee6da96d01f7cbf29623bff6204653f7960a84bc782aecb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\64.png

Filesize
1KB

MD5
ffd2836b1dfc3a7f5c24dcc4845f3b3a

SHA1
16b4d188780f05e0845014fb45ad6ebaa6b4d2b8

SHA256
f5eb403a4afbb48114e67cb9eb55ae136b86a2c8644167d53006848c8efba562

SHA512
810acdc6d1462416572b79b6e16cca23988a4bccb886db303b1dc1487d4a1abf36f94dbcf7fea7a22ae9892a3f9ebf98516ff2dfbbe424d82c735382f34adbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png

Filesize
914B

MD5
1958a9b92332cc7b500636c414649c72

SHA1
3433cd43afc96397650ecaa2f3d4c82d985aa86b

SHA256
282c4fd7aec92fbe494f71a136c9c9111a453ff07f701ba21cf2f14b24f9ff15

SHA512
9a6791a1ffcd7b2442ffa33a132b95bc66dcfa5b2814bf5b84d8385e69b7243bed9b6e4a1677c3b88cc9de421067468ef186584c43a90b7aba78e2e19a1fd81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\48.png

Filesize
1KB

MD5
b7593fa2971ae16ea2aaefefab67658d

SHA1
df5455a066a4aa91aba3d2ad0df25e3634d04a49

SHA256
1407047a49f6220843e0b5eeb147273ac894fffb489ff02b7e920096f1cf23db

SHA512
0036d5d5b708feb7fa9dc96a705e0ef98c8dab39ee182e760515ae008e100200ee4645afa75359290f09dd1fc7f16c7830e39faaa5e302a8dd6a647adcd431c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\64.png

Filesize
1KB

MD5
6078ddcccd0966b6c8506d28eed2026f

SHA1
86b7c92bcfb0e02d9a72bebaa6731891fa90e29f

SHA256
d982bca9f433bfdf7f7d8f759576273ee8a131e676a784a6d6231b068e21de25

SHA512
850dd615ea2422f00001b37603f25756e6304e190669aca90aaab08d2ca97d163402b3fe7a4747e76040fc9dd944861b5639c31d1b40528ca806f5f920fa3d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\cae04dfb-df20-44b2-ba8c-ba61bda4dd94.tmp

Filesize
6KB

MD5
655c75d55359be8abfa5870ad4b0e9f6

SHA1
3eba04e24642c80c6fd5c67fdd1372c97cdf0e35

SHA256
1d3163c69c01f2f3b662f7b287e3defc6488d6bfddd296c3ac301bacb0ffa16d

SHA512
30bd51afd60a68c717dfe84f167455e1be103cd51b62ad7007ca64fd5f69eb6aceef16fba7cd23e108243175700160016e4dc1a4352924befd5d0e127d881e20

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
12fe7e60604dcacc9b1288f7b147c224

SHA1
9507f22197c492f4d255429c70c53d425c701c14

SHA256
e9b13f45cefa0b06f547f01a8b7c13abc3ea278986f1fb3cb6e1062e95cc57a0

SHA512
f3a4def6edc8e3b123c49dae653d960b1558a2f3406a2b165a71699ba62504ac6ebe37756586814f3dc657e512cbd6c3b22f50aef064e69ffe9e669a724675d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0fe41f5cab9752cda9a0b0dff935037f

SHA1
30cb1b635fa852924e85f0331264609a36089dce

SHA256
a2ba723e0554a18ae6fb976d283c5b0780a8b11c06a52f7291569654cf46e237

SHA512
03d926c0937ade4c126602546677cb57fa459592430b5ff97487237289bf677f954076d30508d2cea29a79e41a174383f3372ee239498d98381550a4cafca89d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
8ac23aa3f34a85bd21e596f036f34548

SHA1
ff3a7bbf47f9946ee31f3f0c07335c27da3578f7

SHA256
533f5335991ff066bd7d0743eb9b16b7fc876f81aa7ae19099a5b2725f96cf89

SHA512
9cd5e49ce67ef77133defa4d20e2dd96f0cae1bf41eaeb48bddd81ed76ab8d7be0c4aeda508d71f7adfb76603c987b4d471c7d2eddb381e75e656e15784cf285

Download Submit
C:\Users\Admin\AppData\Local\Temp\21523cae-a40e-4779-ac51-82dc817d5ffc.tmp

Filesize
132KB

MD5
83ef25fbee6866a64f09323bfe1536e0

SHA1
24e8bd033cd15e3cf4f4ff4c8123e1868544ac65

SHA256
f421d74829f2923fd9e5a06153e4e42db011824c33475e564b17091598996e6f

SHA512
c699d1c9649977731eea0cb4740c4beaaceec82aecc43f9f2b1e5625c487c0bc45fa08a1152a35efbdb3db73b8af3625206315d1f9645a24e1969316f9f5b38c

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe710a8d-551c-4003-84a0-66de3ce1fcfe.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3580_743217744\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.Core.dll

Filesize
915KB

MD5
100c32f77e68a2ce962e1a28997567ea

SHA1
a80a1f4019b8d44df6b5833fb0c51b929fa79843

SHA256
c0b9e29b240d8328f2f9a29ca0298ca4d967a926f3174a3442c3730c00d5a926

SHA512
f95530ef439fa5c4e3bc02db249b6a76e9d56849816ead83c9cd9bcd49d3443ccb88651d829165c98a67af40b3ef02b922971114f29c5c735e662ca35c0fb6ed

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
516ff62b2e1f4642caa954c0968719e8

SHA1
e349d0ce82e2109dd0d18416d9cf46e8411b7f15

SHA256
19da58849cec5933860116e60a1e94b08e30d90e0f955768270b47998d612045

SHA512
7aa4a0c87b29c2a84f585a884d8208fc2352a43f2cdb549c100e3b121837ad5f8dadb1101f57d1d3fcb7ebec9d9f22e07dc14239b7d2e2d25793c999becf288b

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
09cba584aa0aae9fc600745567393ef6

SHA1
bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279

SHA256
0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5

SHA512
5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.dll

Filesize
898KB

MD5
1bb24b22d9bd996c038d26b600ed18a8

SHA1
c2629a8a26c9c0969501923f84874838087cca2b

SHA256
944b987a0b677d354e24ee15bba65f73b0f051338f576234a975a49493399873

SHA512
38578e0d1a39ccc9851ff80d3a0f5342a34303229e2898c3ca32dad11017d4277720f54b472c2f1a0b73f47d5ba6352aa7be8ae2ed72b3b25a01dd8292591421

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Wpf.dll

Filesize
114KB

MD5
ceaf0bad83fac8ce71853cd820e4ed9d

SHA1
4eed686fbba7d4603b596fb8e494b8f452a05886

SHA256
eaced1f76adb8ee756033baee29a47b1f4d4b657ebd105a7e25c8dc4fbc48cba

SHA512
4ed3f83e797eade8f0d1c6b80ce49d18f00daaf5d69421a4920e3cea2e7d78c3622193ca65b6ab1dab14c57e7f893a7b1edb27b83f343ea4df731d80aa21ff82

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.dll

Filesize
272KB

MD5
9ca06a8f9e5f7239ca225ab810274023

SHA1
e1a219f567a7b7d3af9386df51b14c76e769c044

SHA256
5fd00ae3e83e6ca156647ff6df87b49ffc7cad47c23fe3ae07c067c5adf6f74a

SHA512
430c9bceed5439b987d5bd4840cfe32411ca61594f18597aca1948aa39a22c9d70beadf3bb9b1dd0373f81a94a25dcba17fa8e8c73abf06cba28d0971d5614c5

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
C:\Users\Admin\AppData\Local\Wave\bin\Background.mp4

Filesize
4.6MB

MD5
9782180eb68f73030fe24ef6a1735932

SHA1
589827fe098ba048c9f871a28db8eae3e3537ff4

SHA256
3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

SHA512
dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_100_percent.pak

Filesize
667KB

MD5
ae195e80859781a20414cf5faa52db06

SHA1
b18ecb5ec141415e3a210880e2b3d37470636485

SHA256
9957802c0792e621f76bbdb1c630fbad519922743b5d193294804164babda552

SHA512
c6fef84615fe20d1760ca496c98629feb4e533556724e9631d4282622748e7601225cf19dfb8351f4b540ae3f83785c1bcea6fe8c246cf70388e527654097c1c

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_200_percent.pak

Filesize
1.0MB

MD5
1abf6bad0c39d59e541f04162e744224

SHA1
db93c38253338a0b85e431bd4194d9e7bddb22c6

SHA256
01cb663a75f18bb2d0d800640a114f153a34bd8a5f2aa0ed7daa9b32967dc29e

SHA512
945d519221d626421094316f13b818766826b3bedddab0165c041540dddadc93136e32784c0562d26a420cb29479d04d2aa317b8d605cd242e5152bf05af197e

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_elf.dll

Filesize
1020KB

MD5
7191d97ce7886a1a93a013e90868db96

SHA1
52dd736cb589dd1def87130893d6b9449a6a36e3

SHA256
32f925f833aa59e3f05322549fc3c326ac6fc604358f4efbf94c59d5c08b8dc6

SHA512
38ebb62c34d466935eabb157197c7c364d4345f22aa3b2641b636196ca1aeaa2152ac75d613ff90817cb94825189612ddd12fb96df29469511a46a7d9620e724

Download Submit
C:\Users\Admin\AppData\Local\Wave\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\AppData\Local\Wave\locales\en-US.pak

Filesize
456KB

MD5
4430b1833d56bc8eb1f7dc82bb7f4bc9

SHA1
dc15e6306625f155683326e859d83f846153c547

SHA256
b44ddcfac9df4934007e6c55a3c7f5e7f14c7e5e29f35c81de917fc3b22aabbc

SHA512
faf93bf371b2a88c1b874a5e2c54e4487fd152ad19c2a406a46f55ae75ecd421a779888c2e4c170857b16bfb5d8744bc1815a4732ed50b064b3cbd0c5ffad889

Download Submit
C:\Users\Admin\AppData\Local\Wave\resources.pak

Filesize
8.0MB

MD5
4933d92c99afa246fc59eef010d5c858

SHA1
98d443654e93c73dd317f9f847f71fba3d5b3135

SHA256
62f4674daa15245ee081920b8ee191e72f36ca8fe24f6b986a832f45676915b2

SHA512
a3a69523c8e7310716daeebc06c2ba4fce673eccd1958e824ff179b82f4502d0ec095190179bbb387342e4150f952ea7533182fb6ba90377d17dafba8f4da623

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4068_1485483049\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
memory/2400-3-0x00000000050F0000-0x00000000051A2000-memory.dmp

Filesize
712KB

Download
memory/2400-13-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/2400-2-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/2400-25-0x0000000000DC0000-0x0000000000DCA000-memory.dmp

Filesize
40KB

Download
memory/2400-244-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/2400-26-0x0000000000DD0000-0x0000000000DDA000-memory.dmp

Filesize
40KB

Download
memory/2400-4-0x00000000051A0000-0x0000000005222000-memory.dmp

Filesize
520KB

Download
memory/2400-0-0x00000000749CE000-0x00000000749CF000-memory.dmp

Filesize
4KB

Download
memory/2400-5-0x0000000004F20000-0x0000000004F28000-memory.dmp

Filesize
32KB

Download
memory/2400-1-0x00000000002E0000-0x000000000052A000-memory.dmp

Filesize
2.3MB

Download
memory/2400-6-0x0000000004F30000-0x0000000004F38000-memory.dmp

Filesize
32KB

Download
memory/2400-7-0x0000000009C50000-0x0000000009C88000-memory.dmp

Filesize
224KB

Download
memory/2400-8-0x0000000009C20000-0x0000000009C2E000-memory.dmp

Filesize
56KB

Download
memory/2400-9-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/2400-10-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/2400-11-0x00000000749CE000-0x00000000749CF000-memory.dmp

Filesize
4KB

Download
memory/2400-24-0x0000000000E00000-0x0000000000E72000-memory.dmp

Filesize
456KB

Download
memory/2400-22-0x0000000000C50000-0x0000000000C58000-memory.dmp

Filesize
32KB

Download
memory/2400-21-0x0000000000D90000-0x0000000000DB6000-memory.dmp

Filesize
152KB

Download
memory/2400-20-0x0000000000E70000-0x0000000000F06000-memory.dmp

Filesize
600KB

Download
memory/2400-12-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/4068-337-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-340-0x0000000010A70000-0x0000000010A80000-memory.dmp

Filesize
64KB

Download
memory/4068-341-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-256-0x00000000053F0000-0x0000000005490000-memory.dmp

Filesize
640KB

Download
memory/4068-255-0x00000000000D0000-0x00000000008D2000-memory.dmp

Filesize
8.0MB

Download
memory/4068-355-0x0000000010A70000-0x0000000010A80000-memory.dmp

Filesize
64KB

Download
memory/4068-314-0x000000000DBE0000-0x000000000DC2A000-memory.dmp

Filesize
296KB

Download
memory/4068-334-0x0000000010A70000-0x0000000010A80000-memory.dmp

Filesize
64KB

Download
memory/4068-339-0x0000000010A70000-0x0000000010A80000-memory.dmp

Filesize
64KB

Download
memory/4068-310-0x000000000DB00000-0x000000000DB24000-memory.dmp

Filesize
144KB

Download
memory/4068-268-0x000000000AC50000-0x000000000AFA7000-memory.dmp

Filesize
3.3MB

Download
memory/4068-261-0x0000000009390000-0x0000000009442000-memory.dmp

Filesize
712KB

Download
memory/4068-282-0x00000000059C0000-0x00000000059F8000-memory.dmp

Filesize
224KB

Download
memory/4068-354-0x0000000010A70000-0x0000000010A80000-memory.dmp

Filesize
64KB

Download
memory/4068-283-0x000000000CCA0000-0x000000000D1CC000-memory.dmp

Filesize
5.2MB

Download
memory/4068-284-0x0000000006090000-0x00000000060CE000-memory.dmp

Filesize
248KB

Download
memory/4068-338-0x000000000DBA0000-0x000000000DBB0000-memory.dmp

Filesize
64KB

Download
memory/4068-335-0x0000000010A70000-0x0000000010A80000-memory.dmp

Filesize
64KB

Download
memory/4068-325-0x000000000DBA0000-0x000000000DBB0000-memory.dmp

Filesize
64KB

Download
memory/4068-322-0x00000000110D0000-0x000000001122B000-memory.dmp

Filesize
1.4MB

Download
memory/4068-318-0x0000000010FE0000-0x00000000110C6000-memory.dmp

Filesize
920KB

Download
memory/4068-342-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-301-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-267-0x000000000A560000-0x000000000A582000-memory.dmp

Filesize
136KB

Download
memory/4068-299-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-300-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-302-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-303-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-304-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-305-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-306-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-298-0x0000000010AA0000-0x0000000010C28000-memory.dmp

Filesize
1.5MB

Download
memory/4068-336-0x000000000A5E0000-0x000000000A5F0000-memory.dmp

Filesize
64KB

Download
memory/4068-286-0x00000000089F0000-0x00000000089F8000-memory.dmp

Filesize
32KB

Download
memory/4068-285-0x0000000009EC0000-0x0000000009F26000-memory.dmp

Filesize
408KB

Download
memory/4120-245-0x0000000008840000-0x0000000008944000-memory.dmp

Filesize
1.0MB

Download
memory/4120-246-0x0000000009560000-0x0000000009576000-memory.dmp

Filesize
88KB

Download
memory/4120-247-0x00000000095A0000-0x00000000095AA000-memory.dmp

Filesize
40KB

Download
memory/4120-240-0x0000000000790000-0x0000000000882000-memory.dmp

Filesize
968KB

Download
memory/4120-241-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/4120-242-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/4120-248-0x0000000009640000-0x000000000965E000-memory.dmp

Filesize
120KB

Download
memory/4120-254-0x00000000749C0000-0x0000000075171000-memory.dmp

Filesize
7.7MB

Download
memory/4376-378-0x00000000047E0000-0x00000000048CA000-memory.dmp

Filesize
936KB

Download
memory/4376-360-0x0000000000090000-0x0000000000098000-memory.dmp

Filesize
32KB

Download
memory/4544-472-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-473-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-474-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-475-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-476-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-477-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-478-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-466-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-467-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download
memory/4544-468-0x0000000009480000-0x0000000009481000-memory.dmp

Filesize
4KB

Download