lumma | 100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e

Analysis

max time kernel
219s
max time network
223s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-01-2025 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voice.ai-Downloader.exe
Size

477KB
MD5

40ffaea0c96bc8fd1ac022ecf287980b
SHA1

c9ff64fecee39aa1a4f1c930d6b6ad423e1b1c14
SHA256

100dba151efe66c842fde4337857fd3db4568c1e3ee008e412927e67ed72094e
SHA512

cc0f2ff6b650644564d7469031c96fcaf93b9dd82318eda244abb65970d2e5697ba27bb0c62e31f4f654cc031ac7f19f0692f444674fd174f9acbc201c8944dd
SSDEEP

3072:ckBGWOsTIJgIDU5A/cNo68pMABlZQ2wpFD0ra42L5GYDxJ0ytta:c1ssjH5Mp2w7g+42LUS6

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file

Loads dropped DLL 20 IoCs

pid	Process
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
2640	Wave.exe
1232	Wave.exe
1252	Wave.exe
3360	Wave.exe
3188	Wave.exe
1140	Wave.exe
4540	Wave.exe
976	Wave.exe
1044	Wave.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
156	camo.githubusercontent.com
167	camo.githubusercontent.com
168	raw.githubusercontent.com

Suspicious use of SetThreadContext 9 IoCs

description	pid	Process	procid_target
PID 2640 set thread context of 2388	2640	Wave.exe	124
PID 1232 set thread context of 3716	1232	Wave.exe	130
PID 1252 set thread context of 3340	1252	Wave.exe	136
PID 3360 set thread context of 3368	3360	Wave.exe	141
PID 3188 set thread context of 2772	3188	Wave.exe	146
PID 1140 set thread context of 3704	1140	Wave.exe	151
PID 4540 set thread context of 568	4540	Wave.exe	156
PID 976 set thread context of 4472	976	Wave.exe	162
PID 1044 set thread context of 5044	1044	Wave.exe	167

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Voice.ai\meta	Voice.ai-Downloader.exe
File created	C:\Program Files\Voice.ai\VoiceAI-Installer.exe	Voice.ai-Downloader.exe
File opened for modification	C:\Program Files\Voice.ai\	Voice.ai-Downloader.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 9 IoCs

pid	pid_target	Process	procid_target
4312	2640	WerFault.exe	122
5024	1232	WerFault.exe	128
2980	1252	WerFault.exe	134
2640	3360	WerFault.exe	139
3888	3188	WerFault.exe	144
4572	1140	WerFault.exe	149
1552	4540	WerFault.exe	154
4528	976	WerFault.exe	160
3028	1044	WerFault.exe	165

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Voice.ai-Downloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802553821911126"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084745894-3294430273-2212167662-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3008	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
832	Voice.ai-Downloader.exe
1748	chrome.exe
1748	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeCreatePagefilePrivilege	1748	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2464	1748	chrome.exe	93
PID 1748 wrote to memory of 2464	1748	chrome.exe	93
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1008	1748	chrome.exe	94
PID 1748 wrote to memory of 1468	1748	chrome.exe	95
PID 1748 wrote to memory of 1468	1748	chrome.exe	95
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96
PID 1748 wrote to memory of 3676	1748	chrome.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe
"C:\Users\Admin\AppData\Local\Temp\Voice.ai-Downloader.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd84bfcc40,0x7ffd84bfcc4c,0x7ffd84bfcc58
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3992,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3344
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff7b87e4698,0x7ff7b87e46a4,0x7ff7b87e46b0
    3⤵
    - Drops file in Windows directory
    PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5516,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5592,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4952,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1204 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5588,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3220,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5252,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5580,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5304,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,15899944353338948968,4144721175383065542,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1204 /prefetch:8
  2⤵
  PID:3888

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2248

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 1188
  2⤵
  - Program crash
  PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2640 -ip 2640
1⤵
PID:1832

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1232
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 1152
  2⤵
  - Program crash
  PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1232 -ip 1232
1⤵
PID:4436

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wave\config.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:3008

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1252
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 1152
  2⤵
  - Program crash
  PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1252 -ip 1252
1⤵
PID:1352

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3360
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 1152
  2⤵
  - Program crash
  PID:2640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3360 -ip 3360
1⤵
PID:3964

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3188
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 1152
  2⤵
  - Program crash
  PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3188 -ip 3188
1⤵
PID:4420

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1140
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 1152
  2⤵
  - Program crash
  PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 1140 -ip 1140
1⤵
PID:2936

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4540
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 1152
  2⤵
  - Program crash
  PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4540 -ip 4540
1⤵
PID:2556

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:976
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4472
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 1164
  2⤵
  - Program crash
  PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 976 -ip 976
1⤵
PID:2392

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1044
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 1152
  2⤵
  - Program crash
  PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 1044 -ip 1044
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4f46d217fcdbd3fc66b8780c521696c1

SHA1
ae22e527be4f55d4de30e1218db904604c6db82c

SHA256
6d444abfc06ed4e1f16c698f935603b1a61f7022eef0b306331de3ec650c4b78

SHA512
4aa95801c96effd58cd8a4ce0d092ac6d7ba27da04c892d63b04194b9615a63851398bdc7755a9d24302834e702ce9bbfb1bff7d2ecec9e4dd67b5da6dc1f34f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
72KB

MD5
43cb209da0740090172519ed6c1fed84

SHA1
085bd5ef087f7cac77b2b0cfb3353b54abd54dc5

SHA256
3a7f8be6d463bd77dad51cc40b5407ad923dd1a1f678979eb9b95adac8d393da

SHA512
3f522c8b72e42942e7713ae0efa4970de6a2f4b8e990ad59b09b00a2bc4a97a331ca9d8a6ce5e0a840abb86b2162e288d424472dbaad61ea432a6ff772e8c66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
459KB

MD5
cdda340e8eb23f20ceb348c4089a4d9b

SHA1
7354bb5e01f093c02d4c5be137a388ef7ee3141a

SHA256
11f6209d6cc27b67f04f8e266e56a834b0d16fcfb72cbffe481fcf2d77feba62

SHA512
285b752093c984063812a1fe284f5ef91d0b9ed06f612fc2e0cb7e3b3a16abd61014ac9eca883f02a6d35fd7e1cb84b57bea6ead73f45ab4e15321a2fd0be733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
71KB

MD5
56b4de33a9d129271188241d1a66b266

SHA1
a0aeb6cb5ed7d67aa1bf8066af0ebcc22cf67e9d

SHA256
ef88bf4b325e1d6b06b11dda9c5980082a7266e3d0134c70f95e098ee6404bc2

SHA512
41b3c60c2a15e68fba03fce678ddcd7ff319d60909b5a23ebb953981e6249ff47fb6bfacf58e42bd295ca84f46527bda9b2d00a9666b0bd79ab8eb9c86259e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
a76d191e5afbd5f0b83bbaf3433fb530

SHA1
bc3c03c8fe74f22fe875ed9f81ecdf2409a3c7b6

SHA256
69004b275eee48c59e12d88b1a09e4eba12563e932a7d86beb24d1cbf4a5e413

SHA512
dffdc4912e8b401aa3ad9c0d2b7c053dc00beb927db4d6dc3e1d5bd7d6a8b1f898f35df1f16634993100eeba458ef6bf3385e71f771950783d1b4587bcf98015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0f95e65db995acb3c043dea1a5e0bbcc

SHA1
ea869902db6b2d884e5361b6e1afed63c4e798c4

SHA256
994ee365ab168bb15e71654fb2bd2ad738afa0b03a3323ec4139264cad04ef11

SHA512
99eab6d6fe22aff2ba952e1e2e8b8a34184631c8ef37cb40561b84a7b1b67fbf0bf6cb58544ac41d89e68cc30eff285a2d52f0d23ef69f70b5bb6c166bdd4f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2730311fdb87ae86ab84ea2dbf9c817f

SHA1
d22f95a0689c26b0257cd30f429596d7b166b017

SHA256
110094a286c968d5762a2072fab02233d05fbafe6d891a71216a3392828c8174

SHA512
ec6da767e20cfc38d8b793f4d555fd09129740c9bc1cc1d5f3ec347bd2ac61bd33976791930a11b2fd4121b81faee988afbcdb3a4b628734ccebddcc17d2a435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1d488b5f7e5e80fcb3bd6c9266d84bf0

SHA1
2cefa1d511c08fed0d2a9ccd911d0077989d07a2

SHA256
968c8fe9e1ea3be44da5268f6d723a46aa6e55584d9f32cf4f26eec4f3f1e0df

SHA512
718889157073c286ba8217aa9e9189937c963372f510e80b1cff3e3533f1e5da93d6158309b247f62d5e008a8e1273b9e849072caf1024cac034d42d4be3ce04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3e388122c65876985a4af51eaa66efb6

SHA1
65601f5fd5712cb0f4c88d76d754e7ecc6f54709

SHA256
62e5ebf2a79c9651568e35ebc9ce214c3636260051c9ea6a3379787518bd1d5f

SHA512
1707d2e9f3eba510f0b9c699534803ab5d83d825f91b8c84f598fea1d9935320957fcf7db9511684dcc08b7a26bde400ff71c55fd8b93ee5d548706119e05d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
25234a570fe42b01a5029b9b16fe540d

SHA1
85a9c6acd653f7be2a8d095f9dddf3e01f27a2c6

SHA256
43cc044cfa13247f3cdcfa276640f58ff54ebfdf37f2d05f9ac261618ff40c3d

SHA512
b726a9b22f3e91c40527f514163e0579d77bb3f4a4b177f626b94516ef6d07f724e83599f969ff828651337babee34fd3408925ba4e9fa749f03a7eec7b5da0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
1eefea3b39e39bec1278d667e9fcf690

SHA1
64d37a80b5af282890eef4e79ad184dfba49546b

SHA256
4e813c56dfe0f16b21e1ea84352b58c2f7d08a80f7dca68759a12f39cda9036d

SHA512
441320ef7b9eb9fd9b67e6eafb47dd2da020d196e92c425f0369136732ccb8652a855d78233102026041ed30a451f2dced781ffb1ac4b2257cb50a4474ff8237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77295a2bbfdd74e6fe24c0ff9a90a4bf

SHA1
95c843e5e489478c9a8b047333cd2b44e49b6054

SHA256
77c1e1136a613d9e010b7175d98d7ebda06bfea1fc1e81e4fe173db2f538432d

SHA512
bd2d3b31909302e928038b4b8389a3040257725ee7f9ef29bd2a43eeb01ef73faec029e601bd300960a19f05649dfcaf12cc155c6b23360c13eb00a82f8ef549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
31a52588aa855619bfea410c36dd4226

SHA1
5f12452b014f4a5474312ed338b3fe97d81552ce

SHA256
acf5e6d9429fc7ce5e27eb5dab8d60a95d854f67a14fa49207543f07d370ad12

SHA512
f4020bb94d8bde67b3b5f2bb822de8376111a4d68e51d6b3ca101d7d5d6e48960274d4b9d3a6a8b3a5097f90c884de2a800a47389a2329d105b61e80f1a7bc91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a3dbbeca30f5e14b7b4ef95d50b5439

SHA1
acfb74cd6a3c836c3da362ec6a3765b0ef0770fa

SHA256
96e3db8fd1d501a1d66911042a4bdd09321c22bf8d8773baf314083153a7f0d6

SHA512
09fb6a2f8855cba292800d56f8071ecea427d644ff67c8d4589254ae998973d7614f75277f9674075be8bb9cf712f1098a08ba6c5a553882880b3abf103197a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
18e031c8db7b77d09dd112890e95d927

SHA1
bdeee7f8b3beaff338524ad0e88a1ba91bc1aaf5

SHA256
947b68b0d6ac89934f63585778d709bc60daab2dd56e1f68df18c8bd020e5ebc

SHA512
cb300aea6ea48542f80c4cef8e54e78c010221025253342ebc6be16e3f78a0463e70a5b0760fb2216cccffd02dc9a0348303f3fe09b4b0e87c1f3297220ec615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
d2a0b2d51db8fef6afdc9c12d62d51fc

SHA1
99c21973bee0f8156d82645acfef99a2b729236d

SHA256
21c66539268e7ea947f07984b6173a2331ec29c1173423660f88ff55b4b7d3fa

SHA512
c52417168286aeb101b7c164ae16801c25dbac8003ea3a400ec89e65e5149c308d1c6ef96c56bf354f23299888554cd4d47ec6b6dbe3958cba684f333a9dfa34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a32ca5ba44e08056b503311d25b3a80f

SHA1
ed0408813b1a5de27fb467271f3d0182968e3f62

SHA256
61e75786a0df3617524558931e0dc90d71308e64a596925673be52d2dfdd07f0

SHA512
2b5668fd38a2e4cc68b6f3d59aebba5cf848aab7541c1b8583c6c39963095d1d4c46e1b28f06c8800286845c3b7487e209324e8f2b0d71103fa55af071ccb64d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47d17e5beeb0040e90c1b246098f9f27

SHA1
070d5065becd5b2d4038f7c9585c803e005d094c

SHA256
f3f9276a1efd30713ed5604393774de4e448b92847ad2c1589f021b14033027f

SHA512
399862f2900bac4f9ffa55551800326673d0cfa8622303e156739a0cf87e728d4177aa657ed2e87342c213f3d21faf3023436ccd2ee2bf7a813307cff43cf233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f83c0c3f2877daa69312d2071d732bac

SHA1
6f9fe2016df9b194566bfc51015c6af1c45f2967

SHA256
92520b0d36e59594975593733525b7f08a1dfba03882909a5c78fb11325c3820

SHA512
b7e2bacdda838e423e58c6074879ddbcaea7881407bfeeb80d89e1cb58e3a6cffdd2e7cea52f386e32002fa99fb538933623473974045bd9fafcefa1476ca003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24a1cb61e5ed1dd8de1267a47749ea1c

SHA1
fd0f78710de24c42626decee403b65606368f5a2

SHA256
1608940061fd43d1036cd72c437efd3a7f70f3f62bba6d49a0e3c0bdb7c7d5a1

SHA512
87adc3aebc53080f41892ad27a67b56362290222c11238a5be78a59083241d900c06ad34865a3cc8ebb23683cd021edc274f2869959334ecdb54b3abc491823d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
acc70a69a7536274608a2ed8deebe040

SHA1
da25cb743ba44020b8d1c6941f18e26209f0cacc

SHA256
6a6b083373583d4cb5d2493c2bd2acb09d8efb0a9026fa9592b51cf0416d5a3f

SHA512
4dc77333d728380e96fb5935d0ccf911ce0f3ede86ddb23e53dfd8f6ac66151f9d7dcac71ce2d73ad37d75c22620473fe7ba2f3a937dc64527b2195d26d4e6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9f37aa6457fed78004f785063601957

SHA1
3bff8bccca03d7f36e3dcae5e5c04fd0d060004f

SHA256
f5d38a2ef2fd5aebdaa08082ae4afb3c0bb33ae314facfb828de52311850bb94

SHA512
c2a14bfad1d0cfaeb4b6ff711dd07213da50bd0f45dc3b07b447532ab403a836c4d0d1aa9db185d6872983764b49ad50f882eb1b6e8d1e50f1112b1578422600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25da3a29d941a842a68a03a0ac466ef7

SHA1
e49932150c12487a1f0a531d39da617cc7359e19

SHA256
3556c428e987b7a7daf547e021c05b95887df10409e988fa106963a267c37015

SHA512
3bc6c5f32d898ef5bb2308c94bd49e40532343f7fc2005bcdfa2989a5287777b8579bcffd1671ad075d11cb45799bb9346ab9f66e5ef9ec00b54ce7e42c98a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed0d8edb77a9f6cf914c6c202bbbe1ea

SHA1
f7454a830d1bc62b330a1bba2f1f0933fc2f28aa

SHA256
18e19864fedda1170e7a9d740a644d3d8676d34f41136777a0db49580ab8b37c

SHA512
e0211f961d5e9e9a852456939ddf33d5798d26d347a4ccab1cb6087a925ce3eabebbcde8fffeb1bb97ae11b42e87e42638931164db64fa8e02abff503bc7ef16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
707d6666f6545b822d73ce03471f78ce

SHA1
0b53bf65376a8c008b8b91d5240e2cb57f432792

SHA256
ceb37ac4b2447ee72695ca6217fe4d4bcab243b46921d9f7b0cc48f96088c21f

SHA512
cae8cf8c965fbd4dc3c70bf4fe0803c0b8d22bec7501e879872693329adecffcdde75f166317dbcd518438cc031e8476c538c7e10e2199c3101e81f9d6fd6465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a099653aa2c71c1376321a1b901e787

SHA1
5a86afddd0ce09283be91d82ee348511b4fece2d

SHA256
912d616a56a45f28cef67ebbf1a783d236694eb5134d7cf9a74e6b02920bdc96

SHA512
ab01d11397163a80ea99d34e995cf91ac7dcbd508ac1f4b70e67c4932f04c1fa7bad5687e0eed84a62e32f162432723effc085e4dd9f846da8795ba54517199e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d64c499128d6422c049f7f8b05148a82

SHA1
8a215868797d0d6d207043c29481fafb2f5ec0c0

SHA256
d492aec1574807af68122b3cce6e0daf23e5a53c3c02dc8f48bb8b295886b068

SHA512
62ef3e6ed5929e93981decfae52ec828477168aa683da77d5ee53ce0420b359bc21f7142f49c46094678a5be70b9dae4be841a9fa3013ac940a0dcb6b01957af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7892b715a58bbbef6bb37497827ae942

SHA1
d0c8e28ed283ff43ea00d9344d0db79eea6cfc9d

SHA256
3db3fa8046e352debc23469f5cb5f1c906d8e6b0beb3ef93e84d6877ee1b29b4

SHA512
240fdaf1d2cbfb2cfea291f5e593863902c99c54e50d8c714350cbd8e539e6b634c638fef62612a5212623ed73db7c7d79f7206bd31d9fb7418c4b8210031fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
643d8020706784361101866217e883f7

SHA1
875a156436ea583f9223b661cb1af9231fdb0c7c

SHA256
241079b28a54e7700c2caa835ca82a508fca1e0d5de81fca4edb187ed9d0b69b

SHA512
b4d961e477ef1b05a0c0dd1b668fd77beefc588291915b0ba88310b748c60e0df5ae5dccb0b3a4169fe464170bb59470d51bf1ccb49a3a623bf68588b8f61312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0ce1bbbf3c4b84af0c5a395bff84d2e1

SHA1
28a264790b94c66677578f23207f105f663ca5ef

SHA256
37e9f5b987ab0b8a5516b6af59400a96459e22f447b54fc255a3563559f5d30f

SHA512
594eecea278bb492e293eac1099dda6cb5c1e25d3af725f6680c8ebf0c322d65427d8248827bf29a29319e6d94bd539ed13dee20a012306d69693564c1081e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dbb02170e8c927cc3b0e59e1248f4ba0

SHA1
84cb08833a1bc60b0e1b660c521ead00fadca1d5

SHA256
324b38833b6927afb468179ed71b31d5178e11cdb3be6ebe09c21d69ad1b2a13

SHA512
f3fcd48cbe7bf5fd4903ce81fddac0eda66bbc61aa71eb4eeeea047e070f2e40e5940ed1e3a74ba9e3ff336a26e826254d7491453fcc0b8b3cf9f9413855db0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c2c3d10b-c085-4dae-ae43-ca2203138352.tmp

Filesize
11KB

MD5
8f6efbbdf05b68ace93731d5f7318ad0

SHA1
b1231a98cc0fee98e93d2398b566eed88cf98c90

SHA256
0bb651b7d84fd68ebd2a5139748f7fb228fe70ddce628d87c51c28890c44a372

SHA512
41c18921b37889ecacec6d125730d51d7fb96408607a3b8860ca75c7875029a2798d940d175dc3fd1dd23988d47ce58a4edd7542d91a71c6748352be9ab49421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f35d0b81-ff6e-497d-abe0-b94822442281.tmp

Filesize
11KB

MD5
385dd0870e8a1196475f4b882d841e54

SHA1
459068934335f5b6944ac787527984ef2c1c0e23

SHA256
b48d3354d36e4df7ee2a6a1bfba2f3b28737608c31eca0353d3393e7629dd721

SHA512
860de3f9f79764f33dd20c69790c32540b3fa3e1af2b2126a5e9a28293fffeca1a54507553cbf6a6c9ffd4eaa63306c14b69bc341153fadcef44ef5b46f66bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
734d45c89058e90e6959fffe976e937b

SHA1
720d22a9039bac41b05378a817e185dc9e023901

SHA256
e71743fdedc73ae0995f4bebf6f792d1b9a83d2a99235e2028efb0a496146aeb

SHA512
5dcfd8b8ec6dba3cd69eb1be1a0c4caecae0a33f772c8746dbfaac9346b041941db2642467275934cd2de396a24c2a98a4550f6bec911637b627575b59b6e0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
e61762702833969f9e5224d4c4a6d62b

SHA1
7b1c4344a15ed6bb7c8a6bc67a5875b17aa1a1f8

SHA256
060fd3ef14741faf06ee1eeaa13a1c787ee4dedd059a243efc2da7e9607543af

SHA512
c586d091dfd41e37f85c7ef67d58eb161ffc2f1511e4e3cc143e8627b63a06741895f208c5a59b4f77da57b7b46fc1d5b4ea304915443269e9bca894682afbea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a1e3348f-fe11-433a-a473-8987a4a42255.tmp

Filesize
233KB

MD5
98033fbfbc9535d9204bb6ce79bc9f5d

SHA1
16ddbc1faa55e410daa31c4aba661232805a18f5

SHA256
a90224273bc9d9d8a66b13f40542ac7a76afeebe592491a263fcccaf438dbbe7

SHA512
dc9c0df540b78533a7a56287231f3b9f549b45b136a038c7bef308d72fa40fbe11f1548b2b6ab9ef976e9a32c35c9f64e91ee91eda5ea3ad3105be6688cb1890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UY5AB2A3\user-event[1].json

Filesize
16B

MD5
7363e85fe9edee6f053a4b319588c086

SHA1
a15e2127145548437173fc17f3e980e3f3dee2d0

SHA256
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

SHA512
a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6EB9.tmp\INetC.dll

Filesize
21KB

MD5
2b342079303895c50af8040a91f30f71

SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e

SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6EB9.tmp\System.dll

Filesize
12KB

MD5
792b6f86e296d3904285b2bf67ccd7e0

SHA1
966b16f84697552747e0ddd19a4ba8ab5083af31

SHA256
c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

SHA512
97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6EB9.tmp\nsProcess.dll

Filesize
4KB

MD5
05450face243b3a7472407b999b03a72

SHA1
ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

SHA256
95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

SHA512
f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1748_1231976202\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
433KB

MD5
8a3b829ab189b17d05014b9a572a4434

SHA1
c00eab2460a8752e51b04c94e2936323ee209514

SHA256
ac79b99e800006a123022d2df1ac71dbfc75274ed9e249c5088efd7fa6eaf97e

SHA512
30deea9d11a979ed53f430eab1932d0f37d72e96307d1eacf8eb532d6041b8bf96084f410686d12579d077d6850c6ed5eb19a979ae95265bf71143c2582a2c61

Download Submit
C:\Users\Admin\Downloads\Wave.zip.crdownload

Filesize
2.9MB

MD5
cddd47a88a12fe8603c7e4596b074a22

SHA1
71a06f8b7e980b7a680c035152e850003cbfe772

SHA256
99d371e765044abacbdce60b8c52dd374b4c9d14aeaa894acb1a7a988dc632b0

SHA512
173d26844e5249b17877df7d31b5b0cbc3afd00068ace80590ca0f1c2f0cde5f4ef258ec4dd10172d0a19961568915b149e4a559f8444bf0ab3e8fa7fa7f3772

Download Submit
memory/568-1203-0x0000000001190000-0x00000000011F3000-memory.dmp

Filesize
396KB

Download
memory/568-1200-0x0000000001190000-0x00000000011F3000-memory.dmp

Filesize
396KB

Download
memory/2388-1109-0x0000000000950000-0x00000000009B4000-memory.dmp

Filesize
400KB

Download
memory/2388-1113-0x0000000000950000-0x00000000009B4000-memory.dmp

Filesize
400KB

Download
memory/2388-1110-0x0000000000950000-0x00000000009B4000-memory.dmp

Filesize
400KB

Download
memory/2640-1101-0x00000000004F0000-0x00000000005B4000-memory.dmp

Filesize
784KB

Download
memory/2640-1102-0x0000000000F60000-0x0000000000F66000-memory.dmp

Filesize
24KB

Download
memory/2772-1172-0x0000000000CF0000-0x0000000000D54000-memory.dmp

Filesize
400KB

Download
memory/2772-1169-0x0000000000CF0000-0x0000000000D54000-memory.dmp

Filesize
400KB

Download
memory/3340-1150-0x0000000000D30000-0x0000000000D93000-memory.dmp

Filesize
396KB

Download
memory/3340-1147-0x0000000000D30000-0x0000000000D93000-memory.dmp

Filesize
396KB

Download
memory/3368-1158-0x0000000000950000-0x00000000009B3000-memory.dmp

Filesize
396KB

Download
memory/3368-1161-0x0000000000950000-0x00000000009B3000-memory.dmp

Filesize
396KB

Download
memory/3704-1183-0x00000000010F0000-0x0000000001153000-memory.dmp

Filesize
396KB

Download
memory/3704-1180-0x00000000010F0000-0x0000000001153000-memory.dmp

Filesize
396KB

Download
memory/3716-1124-0x0000000000F50000-0x0000000000FB3000-memory.dmp

Filesize
396KB

Download
memory/3716-1121-0x0000000000F50000-0x0000000000FB3000-memory.dmp

Filesize
396KB

Download
memory/3716-1120-0x0000000000F50000-0x0000000000FB3000-memory.dmp

Filesize
396KB

Download
memory/4472-1212-0x00000000003A0000-0x00000000003F4000-memory.dmp

Filesize
336KB

Download
memory/4472-1214-0x00000000003A0000-0x00000000003F4000-memory.dmp

Filesize
336KB

Download
memory/4472-1210-0x00000000003A0000-0x00000000003F4000-memory.dmp

Filesize
336KB

Download
memory/5044-1231-0x0000000000EF0000-0x0000000000F53000-memory.dmp

Filesize
396KB

Download
memory/5044-1234-0x0000000000EF0000-0x0000000000F53000-memory.dmp

Filesize
396KB

Download