344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller (1).exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WaveInstaller (1).exeWaveBootstrapper.exeWaveWindows.exeBloxstrap.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	WaveInstaller (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe

Executes dropped EXE 4 IoCs

Processes:

WaveBootstrapper.exeWaveWindows.exenode.exeBloxstrap.exe

pid process

5840 WaveBootstrapper.exe
1056 WaveWindows.exe
768 node.exe
2828 Bloxstrap.exe

pid	process
5840	WaveBootstrapper.exe
1056	WaveWindows.exe
768	node.exe
2828	Bloxstrap.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

Processes:

WaveWindows.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
76	raw.githubusercontent.com
77	raw.githubusercontent.com
94	raw.githubusercontent.com
95	raw.githubusercontent.com
96	raw.githubusercontent.com
97	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

WaveInstaller (1).exeWaveBootstrapper.exeWaveWindows.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699367543124220"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

chrome.exeWaveWindows.exechrome.exe

pid process

3908 chrome.exe
3908 chrome.exe
1056 WaveWindows.exe
1056 WaveWindows.exe
1056 WaveWindows.exe
3588 chrome.exe
3588 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exechrome.exe

pid process

3908 chrome.exe
3908 chrome.exe
3908 chrome.exe
3908 chrome.exe
3588 chrome.exe
3588 chrome.exe
3588 chrome.exe
3588 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WaveInstaller (1).exechrome.exeWaveBootstrapper.exeWaveWindows.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1980	WaveInstaller (1).exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeDebugPrivilege	5840	WaveBootstrapper.exe
Token: SeDebugPrivilege	1056	WaveWindows.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

chrome.exeWaveWindows.exechrome.exe

pid	process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
1056	WaveWindows.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3908 wrote to memory of 3352	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3352	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2060	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2920	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 2920	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe
PID 3908 wrote to memory of 3640	3908	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller (1).exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller (1).exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1980

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5840

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks for any installed AV software in registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1056

C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=1056
4⤵
- Executes dropped EXE
PID:768

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4452,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:8
1⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff890c6cc40,0x7ff890c6cc4c,0x7ff890c6cc58
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1788,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2376 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4616 /prefetch:1
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3704,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3404,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:8
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,17893958588227847616,4534311756852920106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4040 /prefetch:8
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff890c6cc40,0x7ff890c6cc4c,0x7ff890c6cc58
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=1816 /prefetch:3
2⤵
PID:5540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=2340 /prefetch:8
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=3180 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=4544 /prefetch:1
2⤵
PID:5724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=4808 /prefetch:8
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5304,i,5470253064686153955,17345353478787506402,262144 --variations-seed-version=20240903-180110.629000 --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Software Discovery

T1518

Security Software Discovery

T1518.001

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll
Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json
Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
4fd2e1e0ee89ab2efcf64b13813dfb57

SHA1
f1469469ac1884f002fbe3cba1d8be88cfdf39af

SHA256
b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6

SHA512
f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
7a9cf8e50e2c2f0e6369ff3502a0270a

SHA1
64fa7e629b35b2e10e6ec3210e73e204b98b1794

SHA256
4daa055c883e9097e827b400d1c9837bb6794efb544db171603d135f3354061b

SHA512
290a45adafb9852a686219617bd833342d33883f3f04d6516170a79eaca8ae32c8cf254d1fec52671f4a56c4c28477a88f2222609354dd5e906a5036c0190959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
3bfbecef28780d972e585af95494b95a

SHA1
87ceb897609f3472a70c32109cbb2c7b03eb5fb7

SHA256
c362d6d73b4ace69bb9da4789ffe6a33ef25224502c04894d861522138add279

SHA512
887f0277565075facb14297c516bc656abc7d8ea2b3858a792f9fc192ab5a89e118d404ec44d0878560b170782f920497888ee94ed578218d857432a559fa9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
efc19f5c39da49aff5b52148debc9270

SHA1
97afc63c244f715b6dd0d2732df7e81051461f7a

SHA256
05bc4ae83a9cf7b3202c99b372681cfa88447d7b204ba1d93a29d0a32a780ab2

SHA512
7268fd2ceafa720cb114218d5bb9cac0444133427c1d3a5f6b5cd5b29fee798c8dc578dca0e6bb8975b8673bb9d2c1e695248231267c69e04b4e4815be749fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
19a8d09e0eb4f2eae987da3b43103abc

SHA1
ed1674b42a9dff063f96131e454d325797c7689c

SHA256
3b7b6ff1ed801815ed1155ce19320ede33a407dafa719380c7125b8740f68324

SHA512
2a852a32f4c037b0075bfa56a147889b3f0de8ed15ee7865b8576ecdec729e3b0db45977cc7fd812c0dccae79a5f5591cb5e14eb9e49d054e611d8da4f55059c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
Filesize
51KB

MD5
3554310e0e2c4dbd669967895706e1b2

SHA1
77f859bf26eb3c12d88fe13ae9bbbce12847b6b4

SHA256
50e932a8a6ce2e555699430e0d8f321cc9ed7a45fc7faf64396821465c126af4

SHA512
c4a6016067a6b643dd3aee37441b91cd009bb45b5151461eaa472b0dbc4e0a19c02fd7e9ef61c93908b9d3f9ef83f4260467fddfb059bb996b8d69832a956e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
36KB

MD5
a27b5852ac882dba36fdc2613c40b707

SHA1
75331b44f456ab16c51481f3e068ad986821512f

SHA256
2b0ea959c39dda4cef5b4ca0a125df435587b6a0fd2605d74e5e977ce22d35f2

SHA512
e7962ccdbbb00e77e6d7f240e44574a7db6bd9b27be29b42518eb2927bb2af61dae94d846f67016fe45dceca24bbc4320179955996bf5ccf218f8772fb28eac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
62KB

MD5
85399af00818ffca88f31b79287363a7

SHA1
14735e74fbdd04c64b8ad7a11b71b0975257ec9d

SHA256
8ad09ae977fbd853bc3da7d46f7a4f2bd8303fd48c4044748811dbf649914fa6

SHA512
3d241739e14885f401043140a78818d23a5f671d840e73138b52fa94620ea4733b4c92a3e19f796b8a74f9a8ad3991bbae01be6a159dc4d5d42049953a9551af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
55KB

MD5
dd8303a0303967852ac3e44e4cef3f51

SHA1
b7eb90c64e7735340a4df198d9e499bceb6fd5ae

SHA256
4885e756d6833380f322ae41ec14191a1059f740f876f4c4211462c2993d39f9

SHA512
b527bed3d32ea7e915e9a3551f658b931b24b3c39035c512296a03bcf0ca58a58ca84ae9fbd0651e2f4085b5a832e9e66266c28e2d6b68f2c95a1baa24da721e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
58KB

MD5
025d326560a0b258209c47bf3b09ba2f

SHA1
f7efdba891832238e5faa1a1ac1ac14d2dc4be04

SHA256
823bf27c68875df3036e17d8f5d8dc2a9f664c66fcbdd21927fb53e35902dee1

SHA512
f95f76f5a244dc68e668c4b23a8928636b630a17c7992282b28436269ff813eb59a28137812724c5f061670343f6a45ed9c6606648cf254a1aaff55da5d834e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
56KB

MD5
53b5c4236cd25504aefa79e4e41f04b4

SHA1
72928c66f61b7e436edeb7ee071b582381e2061f

SHA256
18f6b45851c3fa1c6d4dd544eed5acc3f2bcd9273cdf0ce96636d44ba5cfe27d

SHA512
47081713f5436129dc6796cfc3a9ecd0e554a8c3a2735ef7a73db60d200ecfd8dd273f26d624ce28b2420c136ff9407bbda5cc29f4801e83266613334bb1093f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
eaca29a5e877b840028b73695a34387e

SHA1
3e58172d9d6ccf2e4bde1f1235ad9f818a32a12e

SHA256
a39f1f2f02cd32d7d5f0dd0bbcff8cc1a089e77f2ffcc1a90302858e747ec41c

SHA512
50a5a9b83226a2bc0acf57e34538ebb325ac9bcfe40aaabcc842211a89b6679129acd67c156182d7c2255a3d98816426ad20bfd2b94beb8532f27fa630e6ad72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
dd5f8946f346480c87e034fcf6c8f04e

SHA1
e455b2e59aa948073ca106c9e094aac8a8b92da8

SHA256
b8069b29cc349a455474c91bccb38d2a93d050a397c06b39ec14d4758258c4d4

SHA512
04c53d2c7ea9d90ad999a0b263dabb10b38ca369365dd7663b94f3638c55a498ab295cd3fe8ec5143731eed0505eede6cdcc59f047390eceb6c7600b68385bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
Filesize
20KB

MD5
4a61feaedadc0617b88c619d8afc1ed2

SHA1
308cef4270f7b37cbd71d8f70dc81b67f96d060f

SHA256
ecdee2cde191b0ffadecfca19cc1d652fa213076ea0e7780dc26c16d4e125d72

SHA512
22fdd03e9d85b3dba0c79630ee77b10c4dff4b07603d59d6bb9e9b32b06d7864fd2583a78755170236b9f4a0c2a80c98832f3670cb7f7964e7a7cfa601090ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
Filesize
44KB

MD5
f818a3bbc8f6ddae232be0c6a9985ffb

SHA1
32e3db10064388917400c6c033595488a6d2ee5b

SHA256
df17e326ae6dad00e123b27e651819c608e8e6287386bc4f5d9df98c54eb8cd8

SHA512
a45a52f411f9ba25e206e9e186b4b59974d79b48a2ebf3a5082149fe3adab9880d264ed5789856eb235004dc1c2df2ffb8568f35ed1111e6ea40dee6d1b62913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
a0f35b6ee257d129cce5086c5f47a9ba

SHA1
087a5050b485e287daef870dcfbad50583c17e32

SHA256
01e9cf3b6c9ca2f4f4533761ef5714febe395cc9f45d6a71bdc72f27de752e88

SHA512
1dc28d38feaf348ebf6dd3375c69a8f1e6fb2b4ecf0094fbb878752336eaff65f96be22c3504f8fe03c18df1d9c3cc99ef0dd2ea84cc0018de2be9cb4cc55d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
160KB

MD5
83cbec709e20bca4d99a15d211cc70e2

SHA1
c666c825b9176dc6f54cfa347c94ee3c09d0fc85

SHA256
cc9aae02065b4e3195cc9f47631d34381c3046b4678d9abef07fd6830a3c1fb8

SHA512
f3d4f4c84e387f83d44deb5bda66b9d1b5cd891c7125f1888e370bcf2878f609dd9d0963a94db2e26a84b3cf19dfbff79c3d0ee64b5df598f5ec322cbfd0531e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Filesize
278B

MD5
519935c30ed8a073b459075870b87bc9

SHA1
d2b5c6eda8de762d68f87f42d42f6a026ea453e0

SHA256
b4824265bc831520627481c5047b9a927e6f7cec2ac2c8fcb566f94544affe87

SHA512
4ad7d930b660d2ae743e939cef2ef0d33c05d49610bf6e4f8c38b09eaf41b2f6c4e385cf662ca33d2b24f2b6b8875bc63c92c74547e242a41c9e9ead5cd49b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
329B

MD5
ae53b02503157cc82d05890e3d9e5b35

SHA1
91d1ba539a247d6359792db4d9bbe9170f7315dd

SHA256
0ba0924a8d2f550e9735c9ccf3487b49bde0e627a16a0d8a668c9ffdc27d3707

SHA512
657f6634768453ec339bac65875d296e352e2e6b8ffb3bcf258669f0dbe400fae431b1df5a5cd642d6b57736e6ac9772d988b542057185466a3220bf747589df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\05f9f992-27ea-40b2-9282-2082673dc7c2.tmp
Filesize
356B

MD5
71d521a5325dce21bfcb0a8fd8272bc8

SHA1
a7a72d5ab71e46ec9d6dc12c208535fe36f106b1

SHA256
b61e3e54809fd5e77278dc09c1d9cb891f2d9cf9349a48a365480c227da0c54a

SHA512
35c9954aa519ba25540e35e12958dd2eee01f9b7813e2d8bae0c0d2bbf734e1a295ffadb71748a0d518a138dda1da7bf1df16961000f9021d14d172212f70d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Filesize
20KB

MD5
21c5ce0016633cb5abc4b344e481af45

SHA1
e6e407e35c0e0dd6ad4e2830d140daaff59ba2b7

SHA256
6a20867096d8a8d97d58f461cd757856550011b4d4648f0bb7361c455b97622a

SHA512
48a927a1c1c8c220481e7635a4ebb639571f40aeb8613e5add160a317c9c4dd7d3bbd613c1e831ef3792f6370d67534d298738c5c21e46cbb8c40041ac903f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
a976056e06dcc971698593f2019a1ea0

SHA1
6df678dce4b55064c882a56ffe16a876e4fa4270

SHA256
9ae2f8af7e29c3e0e7b2278f60050d40ac8f74dd6dff492754090e7539a972df

SHA512
03240b9b9631fed3a791e2cc6b63a97d981abcb0ddedcf089fb08621b04c8f936fdb6e9deac9864846b73c203051b830ae2d4d4501712cd91d63400bbb51e789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
Filesize
36KB

MD5
65a790d56b7803511aef4562b84911a2

SHA1
ded5cca838c63b3309a4fc59386fa98499da2675

SHA256
07ac0b234475d6b307c4a0453c7204fbfbfa34c9a755805491a192b1d3e7a4b8

SHA512
6ad69695fb5d394d8ae6fced389833f41dddab094909313aed120541b997d24332cc9da75c488e2d16f2e09ce02a274814bd37146623921ecad8a0d2f075b847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c17a160bfe0ce09b0c3d6ea5df8f7097

SHA1
779e3609dbb395245553c26bd049a3bba6b809d5

SHA256
3727b3c7ce214bd4bf5c5aa437de97fd079c68a213b10d05b1c415c20fc09f88

SHA512
ad38a2be197021ad6d4b3dd3bc74e308641787c70388b82e1ae57b546c35eb66f92462b5cb1302bb0c036a613ea1836d40b86d84484a3d712f1a6df579086dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
299fe5d69702dec5e62ad68cf07d41f1

SHA1
0c9fea64d8701518b9a99dd6bdf2ae8fd8c614eb

SHA256
6e11d2f9ea1e115d6c3a7dd3d995f5ced6975db1719f46db8c6713b286da4477

SHA512
57513d343facbeabacad8a524c8e76dc76dd89b966769529554707fed83db6d1521ee31935417838eeca03e53649e7036c7df2379f8ce70615e0bf555d5a3bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ac253982-e338-4c76-b6eb-40bb75117132.tmp
Filesize
2KB

MD5
3ffb12f31f54c787a1935a996f3723df

SHA1
0a0cf4be7e87fcaeb658c5bc56a74739287f78fb

SHA256
b5a383d14f9e38e82253b9d698c8d983b80a8c6e68b7906c1766c2c9adaf199c

SHA512
151252935a01470961fdfba4c39eba060abfc831a46d40731dbf4ddac46b6fbdd16ce98aae2f91fc5d4b1fdd974ae6db4034aa6b447ab34f5aa5c0790cd35331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
80a386728e61761b6bfe6c4f64cd2072

SHA1
88cf133b591d4b4afb3ae16923e3df66c1614d01

SHA256
7104eed1c25dfe70cb8fa265f027a41e28b6616f255dbd1e04cc450999da6407

SHA512
5cf285606271bbe43f1c590de73df2215b571d99a45ebea29874a46a2d413fc0d480b3a9ac23adf56dcdb51275439f07d95968481770db2c2776c02b67b3422f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
240bee5d7c45cebb08a92880b8f2ddd1

SHA1
d9de48cb180a4d60ee2cdb5556e7d7b941e6ae9d

SHA256
ea045f9ea57cd4d5e634c2214b8d3f534b4cb126ee0b8e19c592f1100d419057

SHA512
245339438b67de05791b9972493ea062ae4c2342a3568c0691fd182079aa1bfe0df073e615fc7eb23ffcc5432d3d537012b0fd718246736749c1af575289c532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
90dedf1ad6eb87ea79c253c761edea5c

SHA1
5190f45b1bf543390a654ed8e780232759d27c8b

SHA256
614076d5f7f943d9f81825129b87d2f5e48341caf7eed7768f3b42775d112fef

SHA512
8a842323ab2b8dffffd86639bf8c2a276da417abe2ebd6a739f13bbfce2c1bdaa02a0f5b5d381e4819af0530970892f3fc4245fddfb73d2f62b789728bec5c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b0c7393ca9978807914e840b1ecaef3f

SHA1
739513cd9cdf9e8d497b51d50a42e7b0b9ebc29f

SHA256
f11050d4034cf1212dbdd36a9fb83253daa6c6f597167d11742b90ece6927f1a

SHA512
b2cc6efe94d8ce36316c69de7813a442c7e051ecd5c538976a1d73e6a7f66bb014a9d4af5aab20f00f1ca158b5ebd783b89c0e801f04b797730962b5cd60dcc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3004173f897bc645b0c647382b5ae6fc

SHA1
7264506a1f33d8151299f4ca0ed65ed21cf928db

SHA256
795f73e004e073615980fb909e04160ec4254dc21e473a4550536de3263a8b51

SHA512
6fd8bec973138a5bedcaa2b6e7a9b85ada028eea1021944c89164c344ad49978f9310048d6e0d1799cbb8f057e9e8a82fb25c690ff0c19c1646fe4b0799f9ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
1a170b35467ec742fa5f89d0a11ddfcd

SHA1
0dc8765328721569ff23023941f4f3ff8a722466

SHA256
9c4f45353328dd00f37df1cc5f7628d3d38c4e8e1ada68b520f468fabba73e85

SHA512
7bd912dc482fdfddcfda85684165176c4066311f223e68150935a4a87a4998ed00f30d060967dadec316244831d058b21e340c1499e95c607434991d6a997cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
c50baee4afab8f6c7ca766bf83858424

SHA1
b445c7e89d0b3c749845432b68006057217874e0

SHA256
8011700d7de549ea0311abfa80f9005de0064f55b16bde2d8533fddee379c337

SHA512
e39ce09111225c0de37c61681dd6b46180860fcf621e4dc8367a24f274d07a8234d8a1e44498bea09a93b53fe3907c04ce150d5e1ac19d04c4d4de8f51120b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
Filesize
333B

MD5
ae81e97e86bf3c2c61d377b4cdd73b5f

SHA1
29abcff3ca86f64c6e380fc3694d5a81822525cb

SHA256
261e58a9bf08fd5b0a1c11572cea896b7e257c068b5d3fda7fb07712c8f3212d

SHA512
a95c42108e854f525875778ba034068cb2b7744f7b284654651ae1813cb1245619f6454ac9b7321b9d865c573697cb95824bed6b6d45b2efd1504ec810358c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13369936775405095
Filesize
3KB

MD5
3bbe8045894507e857270ecf67fe1d11

SHA1
8ccd9ff58cb2b735084dd1fc5acb5f677cd81e6a

SHA256
7532b9925dc8cf8458122506d10105247c735f2b7561db061659d9e75cf66fb7

SHA512
ff5fb3cda83405eb64512bc46142fbb3a838de0a25e78576647f8a58c37bf95f56e37b3902afb37016534ac06fddaef835b99a96507aa971dbfcde10569ae02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
eba758f0123d9f0f1853c7982f383f70

SHA1
a2956d877edb84d9c448de0e4cfd74e1082bea4b

SHA256
4a6c430ffd53ea538e64eb58ccb8f37ab8689acf8b28aba3ca5664a209496bf7

SHA512
56074fe575019b1cb6c171704cae13c8526cb75f16945640afe24b9a500708bb137c9b8ac5e0855f076161b3aa4e5c5b1529930f8567ab2733b8c8695c1d5c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
0e17d21d4cf9cbfc13c90f198cdd3f5d

SHA1
85a7e551096cf4bbc51cb4dbde670e8d6c01630b

SHA256
d96d12367a2779edebcfaa2026733e09bf5034efd9e3cf2f8a067fb37fca4372

SHA512
c7a6a50a9c48ba617757e2a6aaea2c04866e1c159394c9b56fd83896fbe0378ff4a034ddebd5410213e6afd4edaba1fad35df4aef118adb91ccb8d3a33f32f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
96557141c7a0c1d14ee55550be4d975e

SHA1
44863725e3866d20e5f8ddf4a8898c970fad4d4c

SHA256
93a7681ef2b6b42512ee327ea10840a68b45649c6d0001e9130e12f56b805be7

SHA512
237c4c1d21f160be936d3313b6912774edcbe0a30da6ebcc7de8d5414866deafd1d4fece39ee531d132efab8e3d3c5a33b122573b3047a7968121a10bcbe2f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
Filesize
128KB

MD5
d7d4ab5da9002430e6296bfd935601ff

SHA1
715e518237ec3349a2bea426a5ac2a780fd3975f

SHA256
e1d302d62de3bc966598773d8c84fae95cc619f2a9c8ff8f0020d134326cf43c

SHA512
43099d48e51add9245d31a093b97c4d2eead9761fcca0ca18fb05dd569ac85884f578e3789e4dca0254cfbad045a9261037cc86bb71f5bd4c78d2d612fab9ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
Filesize
114KB

MD5
931e94e79250af97324fd50b5f5d0f72

SHA1
386012ac2f0536b777f5cb25427014362a8e0f0a

SHA256
2640b845a8852adba047bee9b2617516ae162a20a32bd6f2d786bf54361bedb9

SHA512
c907766073011e959058ce83cbbc2cbc21297ba03d4470745b7dcac971e00d893492ce905b6067612f0949a25ba976daaf0ed1c99aca4c2ec8b8427a8610fa22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
110KB

MD5
845a9e8ca28949e7307a67beeda0cae0

SHA1
a90f76f1293f852b78b67e1e240da67306a82fa0

SHA256
f038a3c2279de7674e4f499848052c90cdb1097ea374d270a55fcf975d930460

SHA512
d84726b861941a5fd6ebb2e09af784f183f7cc48b64a354200c21402cb755667c14426e424efd3555142acfa42ff42558a1a5403ae509832cad8b10d9ea0af40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
110KB

MD5
c3ff3b73ac30cc2b73036a8991927a81

SHA1
800fb66d6064e8a65759d709fb742c4100ffcbff

SHA256
6bbfd6c27d65c6444fa6b91fca5672a56c9875d285fe4beb1bd194f0497b2c94

SHA512
56e702162b74f7dd6a3705afcd7adb1c98d3d93e6d8b4a387e6cfaeae55fd0bfc32431bc9b2c816aaf9439ce1a8a4286e263cb5ae3cb239d872b1befef7dc796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
205KB

MD5
0133104722adc00e3cf45922ab81e848

SHA1
7d2c82cb43ae74a926a2fa4dc843259a46dcfc63

SHA256
950004171f51064c181dd4d130e0b2e5e0181e289c24dad5f3fb9b71cb46fe47

SHA512
b38f7c81562f14958c57e98c8e186f56bb9073c253ee2ab45729efa5740ac44ba0f847bca28e5c6e33b739e8ac65baa54632d1a3ceda6affc12e93f4cb1bd9d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
205KB

MD5
8da8dca90724ae5dd1ccbd67e4213854

SHA1
75abb95d4b5dc5b68a62e3a8c0981d31b80b4533

SHA256
7b8a19efc858521575dc982613ce4f0db4ed5aa3af3cfe1c1b8749d58cf9bd39

SHA512
b52a7f946cb0dc72afc65297cf72ec3616aacb21eb7ef40a4f153ed6255b80de228ef723b2d09281e9611a78b7f273838fcfdee4f9fc92a265dcab810f3d1857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db
Filesize
28KB

MD5
05f3787c1ad219afcd8fcf126360b675

SHA1
0d8345d5abd826396d2e9a075fb6a19da9b73a62

SHA256
1f0b2ae142c464be7694b1ad1a28d57cc5b3424bcea80a71b98f2facaf6cb88e

SHA512
121b9240421992509e886ef5f47d8f3b611d15834d0c1fda0b6a81db204cf82259dd0b977222a35a7bef0718037a980afbae84d331610cea88dd4676860739fd

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js
Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
Filesize
949KB

MD5
495df8a4dee554179394b33daece4d1e

SHA1
0a67a0e43b4b4e3e25a736d08de4cec22033b696

SHA256
201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42

SHA512
ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
Filesize
4KB

MD5
331dc6368c70198f19f49d73431730ed

SHA1
5b1ac72a623ce3bffe8f36261d738eba6acba5f5

SHA256
69b914130ee8474ad38fcfac749fe00dc7d742621e81ef12cc6779c630908e1a

SHA512
80fb88c517de6c177e2a97004413841a049c5e55b579d694b71f3a512606d517866b6dda0db31b84907f49c3a224225d6c2e9a6af174c0c83ab5ce78a0bf90f4

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
\??\pipe\crashpad_3908_MNIAHHQQWYZLYVNE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1056-476-0x000000000ADC0000-0x000000000ADE2000-memory.dmp

Filesize
136KB

Download
memory/1056-463-0x00000000004D0000-0x0000000000CD2000-memory.dmp

Filesize
8.0MB

Download
memory/1056-477-0x000000000B9B0000-0x000000000BD04000-memory.dmp

Filesize
3.3MB

Download
memory/1056-491-0x0000000005D30000-0x0000000005D38000-memory.dmp

Filesize
32KB

Download
memory/1056-471-0x0000000009F10000-0x0000000009FC2000-memory.dmp

Filesize
712KB

Download
memory/1056-466-0x00000000057E0000-0x00000000057E8000-memory.dmp

Filesize
32KB

Download
memory/1056-465-0x0000000005730000-0x00000000057D0000-memory.dmp

Filesize
640KB

Download
memory/1056-464-0x0000000005680000-0x0000000005732000-memory.dmp

Filesize
712KB

Download
memory/1980-8-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-104-0x0000000000E10000-0x0000000000E18000-memory.dmp

Filesize
32KB

Download
memory/1980-1-0x0000000000370000-0x0000000000502000-memory.dmp

Filesize
1.6MB

Download
memory/1980-2-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-3-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-4-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-444-0x0000000074940000-0x00000000750F0000-memory.dmp

Filesize
7.7MB

Download
memory/1980-6-0x00000000095D0000-0x00000000095DE000-memory.dmp

Filesize
56KB

Download
memory/1980-108-0x0000000005430000-0x000000000543A000-memory.dmp

Filesize
40KB

Download
memory/1980-107-0x0000000005420000-0x000000000542A000-memory.dmp

Filesize
40KB

Download
memory/1980-106-0x000000000B720000-0x000000000B792000-memory.dmp

Filesize
456KB

Download
memory/1980-5-0x00000000095F0000-0x0000000009628000-memory.dmp

Filesize
224KB

Download
memory/1980-103-0x0000000000BB0000-0x0000000000BD6000-memory.dmp

Filesize
152KB

Download
memory/1980-102-0x00000000059D0000-0x0000000005A66000-memory.dmp

Filesize
600KB

Download
memory/1980-0-0x000000007494E000-0x000000007494F000-memory.dmp

Filesize
4KB

Download
memory/1980-7-0x000000007494E000-0x000000007494F000-memory.dmp

Filesize
4KB

Download
memory/5840-449-0x000000000A490000-0x000000000A4AE000-memory.dmp

Filesize
120KB

Download
memory/5840-442-0x0000000000DD0000-0x0000000000EC2000-memory.dmp

Filesize
968KB

Download
memory/5840-445-0x0000000009680000-0x0000000009784000-memory.dmp

Filesize
1.0MB

Download
memory/5840-446-0x000000000A3B0000-0x000000000A3C6000-memory.dmp

Filesize
88KB

Download
memory/5840-447-0x000000000A3F0000-0x000000000A3FA000-memory.dmp

Filesize
40KB

Download
memory/5840-448-0x000000000A430000-0x000000000A438000-memory.dmp

Filesize
32KB

Download