bc1b1046026a172956963ec88c97b55e95dad361f05d17277108090c642a4873

Resubmissions

05/02/2023, 00:08

230205-ae336afb85 10

Analysis

max time kernel
67s
max time network
141s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/02/2023, 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rave-x64-Setup-1.10.4.exe
Size

88.0MB
MD5

f7c54071522424266e73891253ea3a7f
SHA1

7b71bd9c4773e8e9ed971fb5a0520a0fa7313338
SHA256

bc1b1046026a172956963ec88c97b55e95dad361f05d17277108090c642a4873
SHA512

97497609cc92ccb172a94619ae61ba3805a348a019a8ef727a2fa52d2d0c483dce3bbf686f5271ed5c0c13856452a34deb6915bbf6a92211a867b7c3855ac810
SSDEEP

1572864:R4IvBhav0hbgL5ehquI/Ld54LEkoSeq3yZPznKXHJyL9k+udSNP0GMag6fRHGS:R4kjDgFIm/Ze6/JrnEw9k+u6P0GManxT

Score

10^/10

discovery ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Programs\rave-desktop\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="color-scheme" content="light dark"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <link rel="stylesheet" href="chrome://credits/credits.css"> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span> <span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre>Copyright(C) 1997,2001 Takuya OOURA (email: [email protected]). You may use, copy, modify this code for any purpose and without fee. You may distribute this ORIGINAL package. </pre> </div> </div> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="2"> <label class="show" for="2" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to t

Emails

[email protected]

[email protected])&quot

[email protected]

<[email protected]&gt

[email protected]

<[email protected]&gt

URLs

https://www.apache.org/licenses/

https://www.apache.org/licenses/LICENSE-2.0

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)&quot

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

https://github.com/typetools/jdk

https://github.com/typetools/stubparser

https://github.com/typetools/annotation-tools

https://github.com/plume-lib/

http://www.mozilla.org/MPL/

http://source.android.com/

http://source.android.com/compatibility

http://www.apple.com/legal/guidelinesfor3rdparties.html

https://github.com/easylist

https://easylist.to/)&quot

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	Rave.exe

Executes dropped EXE 2 IoCs

pid	Process
1484	Rave.exe
928	Rave.exe

Loads dropped DLL 19 IoCs

pid	Process
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1688	Rave-x64-Setup-1.10.4.exe
1284	Process not Found
1284	Process not Found
1284	Process not Found
1284	Process not Found
1284	Process not Found
1484	Rave.exe
1484	Rave.exe
928	Rave.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 12 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\halloweenIcons\desktop.ini	Rave-x64-Setup-1.10.4.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\halloweenIcons\Rave_Witch\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\halloweenIcons\Rave_Zombie\desktop.ini	Rave-x64-Setup-1.10.4.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\halloweenIcons\Rave_Zombie\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\resources\images\halloweenIcons\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\resources\images\xmasIcons\desktop.ini	Rave-x64-Setup-1.10.4.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\halloweenIcons\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\halloweenIcons\Rave_Witch\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\xmasIcons\desktop.ini	Rave-x64-Setup-1.10.4.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\7z-out\resources\app\resources\images\xmasIcons\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\resources\images\halloweenIcons\Rave_Witch\desktop.ini	Rave-x64-Setup-1.10.4.exe
File created	C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\resources\images\halloweenIcons\Rave_Zombie\desktop.ini	Rave-x64-Setup-1.10.4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
960	tasklist.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
912	reg.exe
2092	reg.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1688	Rave-x64-Setup-1.10.4.exe
960	tasklist.exe
960	tasklist.exe
1484	Rave.exe
1484	Rave.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	960	tasklist.exe
Token: SeSecurityPrivilege	1688	Rave-x64-Setup-1.10.4.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1796	1688	Rave-x64-Setup-1.10.4.exe	27
PID 1688 wrote to memory of 1796	1688	Rave-x64-Setup-1.10.4.exe	27
PID 1688 wrote to memory of 1796	1688	Rave-x64-Setup-1.10.4.exe	27
PID 1688 wrote to memory of 1796	1688	Rave-x64-Setup-1.10.4.exe	27
PID 1796 wrote to memory of 960	1796	cmd.exe	29
PID 1796 wrote to memory of 960	1796	cmd.exe	29
PID 1796 wrote to memory of 960	1796	cmd.exe	29
PID 1796 wrote to memory of 960	1796	cmd.exe	29
PID 1796 wrote to memory of 1560	1796	cmd.exe	30
PID 1796 wrote to memory of 1560	1796	cmd.exe	30
PID 1796 wrote to memory of 1560	1796	cmd.exe	30
PID 1796 wrote to memory of 1560	1796	cmd.exe	30
PID 1484 wrote to memory of 928	1484	Rave.exe	34
PID 1484 wrote to memory of 928	1484	Rave.exe	34
PID 1484 wrote to memory of 928	1484	Rave.exe	34

C:\Users\Admin\AppData\Local\Temp\Rave-x64-Setup-1.10.4.exe
"C:\Users\Admin\AppData\Local\Temp\Rave-x64-Setup-1.10.4.exe"
1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Rave.exe" | find "Rave.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Rave.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:960
- - C:\Windows\SysWOW64\find.exe
    find "Rave.exe"
    3⤵
    PID:1560

C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
"C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Rave /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Rave\Crashpad --url=https://sentry.prod.wemesh.ca/api/2/minidump/?sentry_key=4aa8566424f24b9dbccd2605f4cd788f --annotation=_productName=Rave --annotation=_version=1.10.4 --annotation=plat=Win64 --annotation=prod=Electron "--annotation=sentry___initialScope={\"release\":\"Rave-win32-1.10.4\"}" --annotation=ver=20.1.4 --initial-client-data=0x324,0x328,0x32c,0x320,0x330,0x147d8ca88,0x147d8ca98,0x147d8caa8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:928
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:1796
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors=true --disable-quic=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --mojo-platform-channel-handle=1396 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1960 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:1564
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --ignore-certificate-errors=true --disable-quic=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --mojo-platform-channel-handle=1948 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:1424
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --app-user-model-id=Rave --app-path="C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app" --enable-sandbox --disable-background-timer-throttling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  PID:1116
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --ignore-certificate-errors=true --disable-quic=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --mojo-platform-channel-handle=2600 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:848
- C:\Windows\system32\reg.exe
  C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Rave
  2⤵
  - Modifies registry key
  PID:912
- C:\Windows\system32\reg.exe
  C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Rave /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe\" --hidden" /f
  2⤵
  - Modifies registry key
  PID:2092
- C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe
  "C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --ignore-certificate-errors=true --disable-quic=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Admin\AppData\Roaming\Rave" --mojo-platform-channel-handle=2792 --field-trial-handle=1184,i,14124001371701739364,1937751492759878064,131072 --enable-features=CSSContainerQueries,ChromeWideEchoCancellation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:2136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514
1⤵
PID:1216

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\rave-desktop\D3DCompiler_47.dll

Filesize
4.7MB

MD5
c4974c924b605bd322c4872d72de90d1

SHA1
20df9433eab24d3291696046646f493794b77cba

SHA256
71d766b4742ca9f7422bb2efc3dc03f2cee509a5a43d241e748cda7aaac24bf4

SHA512
3889648dbb4608ece9c68f1cd5b1601da5b795eade7910764dd4769090cdb209a39acf3986e6e7190745f3bc6b1477a52dfaccb96a7e799eafc0825e2c44a846

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
68.1MB

MD5
089d417d63e370fda87817a2f6f30f93

SHA1
059fc1ff83eb6659714d3684d09d4ae4869cf075

SHA256
c73178ca6fcb35c57c2fdbc2b0cafd1112bfcc459ff58690f6c7fe8d8d93df90

SHA512
dfd845207d50fadae9e42698109c8d4184317e61a515a4327119584b1357012b3c97aff960d175bb0cfa76c2106b6e5a04a4df017873d2d9c1b0415de3a02666

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
68.6MB

MD5
990148ad6b41b3d29a76f0b4b631fed4

SHA1
b622f80f380b5baf5a00ab2fce1caf0025482cfe

SHA256
75049cd086dc9a049d26b397a09d4cefa9f3b88e3b500ad709c84007f4edcb1b

SHA512
a8fe95b2abacbc8f24edb79df3dbb9d7650896d316830a3fcf48cdf6e436bdeb33c19fd2121531e5f08fffa7f70894549e2b813da7ce3597b8fb9aee464da6a2

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
68.6MB

MD5
195861acd147867515624e227ec54e56

SHA1
61f6bb151459ef57e0e1ac3f00e272e86d57c35e

SHA256
ad9dfe3f0db562a1de26082356f9494ef243cc3e283871049ece88b4c9d5ee5a

SHA512
7d3ff11497ade813aa0f9272b2310c832b55aa5c3044ca3274698114174049123833a5ccda515a04229c0f32532021eb896a62bc977aae0f04ce1460a93717ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
58.8MB

MD5
76eb210eaa06161381ead6b7c56d363b

SHA1
cdcc99ee66224f6bcc7aec0469bd27249c86f665

SHA256
4771529a1e1a968d025afae8f19240785b64274a5ba6df3a1c44e270900c1992

SHA512
cbefcf30bc3b4b585817c8837ea0a814643b2df2036927d56226a442b8a2cf1321bbac719bf2d27a754da7d18d6f7641f1990125ce380e19a103cb6db6141ce4

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
73.6MB

MD5
b3093c8b3e19939c69d6d400b3cbf6f6

SHA1
6d19e50de77e8fab672d8f69725fe37576079e66

SHA256
54a30a3c6f7084c3cc043b3ffcedbc03fff3a68bd2bb058cac3107b74774f993

SHA512
075ef7239cc232cac3671fbff6f0b0693c21c2ef0e9a41d8fd7cac6b27f4f81377a78703f282d09755870258df5a350a217509b71c9a1a3164b159ee8191b2e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
67.1MB

MD5
59e288bf187b5fda4f3f1d0823737a94

SHA1
351e859b293c70dfa3cb5f3ebb094574822fafcb

SHA256
ab33d857f597f0308e11ff12b636561472c83030a6be372b73ea291f931b0e9a

SHA512
83d75ea6f1fad5e964a9071b8d1a1b4aa826f0abb16f8f7ed16abfaf69444f5a5bb618f00cff2114d789c91cde2b7630354e62aec8a4e7e63f2f6e16d1df0285

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\chrome_100_percent.pak

Filesize
126KB

MD5
5c7551a309e5a95bcaafa89e702d2950

SHA1
063111990f3bce8940f75ebec21b4ad542f7519f

SHA256
087ca17945ceaa073b2dfafc02272a7affd70786325d741b7d6cca4f47ee3078

SHA512
e625a51f9c4b38fa32600c47cac8a8d327655d6bafdfefd734150cd3cefde948dbaa4c1003a129abf73f8f40b580beeb361f8ba7e5c057d928d5b656a1f35781

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\chrome_200_percent.pak

Filesize
175KB

MD5
2845f6c02c5f88693e461811d0e7ec3f

SHA1
9e0ef04a853640cc59c66927e1db77c1aa828c76

SHA256
4152d1b1c57c1f55085b8c8dc7eb799c92c318bac2f6f0ca03236445f6dcc9f9

SHA512
c873b3f5e5bcabd18fa55fb8850a10f0ed15408a2923f874a6211c7498f6503073dee7c1ea5df2811b17b824884215bed89a085df6a75a21965c1fbbbf950839

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\ffmpeg.dll

Filesize
2.7MB

MD5
cfdbd5f42f4755c28cf155fed992564e

SHA1
ea131ab71542088c63532947f3f999fa263b59dd

SHA256
1a2d38cddc0f213c6b9f0803b8c927590f54d5687258be32380ce43f5a040677

SHA512
6a1116cc6d8b795376e7c5ce894cc848c533d88db991188983c9a4530e15500baf79b6e97d4c6cd28384ff156b2f6f36206a758ac3890e7bd590ac7a455a4367

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\icudtl.dat

Filesize
10.0MB

MD5
516f6b90d1539bd1eaeaa2fc32dadb92

SHA1
8017789bef98902cdc95c18e67b84378ddd293c0

SHA256
51edd31f6c5d298c662af320424b632172a31e3348cdbb201380636c95ded794

SHA512
db4b5fd7f8a0e0a331ffa7c574d011b059df8654cdc6ee4970f84fda20b88a3b8706f2605d91d19a6dd86d2702cc9542e026a054d28f85c51b676daa8d3f3bb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\libegl.dll

Filesize
458KB

MD5
fad2d41eb0f90a839a2498f87f57bddc

SHA1
e8034d433f11dfeb472fefad85c34c3954f0360c

SHA256
6a5ee2e1b278687244f605ac49bb6c9d4f4b5f7b4c806c0a6d850267a8d7c65b

SHA512
9a14e38c8f707d74be5dea5435e173042083c50608acfe207eda79b139126c1791b1e8146152f0c01ba592e2d84124cae1238bec81506e18ed8666f0f4ddbf5f

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\libglesv2.dll

Filesize
7.1MB

MD5
69bbaed59fd00552d69bcba67268e4fd

SHA1
e0abd410772c95b57f3400ef12477a5a6983391c

SHA256
a5f7f6a1e1135b7fa6debf7e41cd3ba78572b01f6b3b4f9e70acff6d4c0c6194

SHA512
b9e670f1c3977f0e05f5526f64b1ae9d64e842e1ef55d909cecf4d9732127182ff717cdcccdab1dae77a53039945ee269812773e1c6cbce171038c6187b84398

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\locales\en-US.pak

Filesize
295KB

MD5
a2ed0e17819c287b824cae5c0ac03af7

SHA1
9694627f89cd65fbb511eacc6c785ab045525ff2

SHA256
c4a2c6a90945868a02ad14b3a994e94b123981d56190bd34cc3cb14f31f2270b

SHA512
a527351a1c61e6ed4e999c6549ec04b2096712644c4e1f28b48872c031c9f0a4bb118c0ceb40dc3a35315ddc7cf244e3c0c03d864a53d4a76f6dcf1b3889c109

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources.pak

Filesize
5.1MB

MD5
a048f24972ed127e95494e718cb1c7a2

SHA1
1bd7d334b2ff723d4f042e22d4b6c607bd23173c

SHA256
49b654e7cd5e3a0465132f77151b309f3eb2e4a96467250cd0d392d3947c1a7f

SHA512
0465624a0032eaafaf1ea713a9a8c8b807dd86f4c3e25c8cc9376ad72cc450f3ab468a8c325b75bc2efe483f28074bb59aeae675fd5b3002ddf512b5cfdf63e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\main.prod.js

Filesize
5.3MB

MD5
caee6794b5dada2f9814fe4d3fec8042

SHA1
171882abd064f168da25196f5ecf9cdf3dd6f300

SHA256
bfadd85bcd5f1f20c6691e2b450ca7f388ecbd2ce932e7d8a3ff2c16d0bbbb74

SHA512
bc72e48fba04d4ebffddeff3da318f07eccb04db8ce67ce8ba13be1cd41cc86622c7a093fbfbc6cb6ef2ea94e1d538f7c7bf4a1e3ca610cc719ed463bf41285e

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\@seorii\win32-displayconfig\build\Release\win32_displayconfig.node

Filesize
651KB

MD5
6576527014240945450abdd3914d90e2

SHA1
4177ccb1b59294a0da0119a617f9f7202d16aadd

SHA256
99d2c0efa514714b531458a2e250778d17ed19d294ee7ec57387909a5d62115c

SHA512
ca2307a0ea960d3bb08efad72c1dad9f58b2548324a2febcdc012883a90b328d8fef2f81c9ae528d79d80081698daef57e2d68e6b7ba895e49e9eb5281f3b78b

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\@seorii\win32-displayconfig\index.js

Filesize
22KB

MD5
5e52277c6698f92b9142256171800b47

SHA1
dfb393767d364ca3a0f3f05ae23fbabbc04d861d

SHA256
c2d7e316504edb2f74ea8f7305d855f49d439eb9de835175443d1bbbf0b4d6c0

SHA512
9c1eb80e27ba236464f8d40086641d9dc8dd029c4ad04b9ce299731928545390e2c15684d0e3ec874ac43db55acb595cbe6f0d67a3d3a632b88413eceb8d0b3a

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\@seorii\win32-displayconfig\package.json

Filesize
784B

MD5
d2da20d197baeb0e0cda34800e0d8605

SHA1
0b411f36069ad93a37367049c2ba1eed4d601b34

SHA256
ff97663eb2c4ee16639428d8d575173edc492c083f7677329f78d7fbf8bd5243

SHA512
17eb65de0019b9e5772552c3d7a588c8ae5d9d9f20c1e52db4b6b1391e5bd9e1a4aa4066fa3bf7e64719b46d53f7f7bc9083a4e6256e7ac8befdb6cf1bf53515

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\bindings\bindings.js

Filesize
5KB

MD5
13c05ea1a2f638b707aa56eea958810c

SHA1
c93878e75a9f0545f73aa8d6fba3a761c4ceda36

SHA256
8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6

SHA512
f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\bindings\package.json

Filesize
472B

MD5
3d9ef01a8ecc1b083ebe7e5c3c1204a1

SHA1
3bf472ce9597ed8132ed2558cda1244785ce236b

SHA256
cee937d6f0ef6b0c6cd0200cf70e868c36583bd9759da6fe34b38c2045f77e39

SHA512
d5fe46b7c4638c71a4f0ab67fe75d4c7f6c4a5ffaaec13a38c5c95456eac2078935824d62aa59d0374a77b19ed56ef2c1ebe3c40e230651ffd9cd986141eaeb8

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\bindings.js

Filesize
312B

MD5
e7553f9c9538b3ba41f03064159e1076

SHA1
804eb4fa9f90f54d3714fcbabfb8a86d1bf02479

SHA256
cc3e61575dbf5c333fd62a69e1210e82d86298f4a35088d0ac75c46cdc711ceb

SHA512
61c12fd3631b69d4befbf57c64d51945e57adae578b1e159d620a180045cb39abf7581ad51f89da3ef1901c2df95542da744a4c74c88a9dedb98a7ce6ecdf838

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\browserWindow.js

Filesize
14KB

MD5
6a7a120e4c3b878521af31af47574a57

SHA1
5888a8f13f46b21530b9f7a50bc06e0ce559cb2f

SHA256
12e7ee36a43ef33464c59e2f36e0435fac4aee9ef2f582d24768e9a92b7090a3

SHA512
2bca236a879ddcfec9c980960f4559204b5803d9412403084ef8d5ff0b74070c9906c8f374b666e9beef3896e5a8a3927480801c6fdccfcf6239e54071d03af4

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\debug.js

Filesize
389B

MD5
3510488c487bbdfa524aead34f8056c0

SHA1
b695848bef628995cfe21d0bfa69b6003531d69f

SHA256
d5244e3974509f24b75abff64fc1c0cc305fc837214860b394dc923e08b267f6

SHA512
39a147643cdaf7e4f5ae3810111304e94731de861bc2dfdf72cf94df6a2d321fb05f6a05e8ebae9a27d8efea709c8b3553bc414c0c03d0ccd0116a77c34b0e29

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\index.js

Filesize
514B

MD5
7b118d09626085e571dadea3bbff53d5

SHA1
96ea019f341eebfda6fd4c3711c76f18f1e98883

SHA256
ca4769c1addf5d8abcda1d1eeb204cab16630936670e704dd617cdeb88e641b0

SHA512
2866a253a90f6d1d22daf2a057a2daeede711236af59c890a02c17328c2f630b9c56ae4c9b691c2d145a5361ff8348aab58add3fd8e35c53bacd74263a23756f

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\os.js

Filesize
1KB

MD5
9f725cd65714ab0218f88e80fcaef03a

SHA1
9e766e9af5101cab1c2eef96ef03f1b37d0e7fde

SHA256
4087f4e33d81807628e9bfbf6611ad7bb28022034f68b43bb82eeb7bada34be1

SHA512
7b2a67b1cbe8b8ad7dd6ea50824f0162b4fc4345d637dc86a43686f9835062584b02eb0bef6545e4a9596d845c93bd63b13be427f6c7cbae5818ea1d80a6f749

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\vibrancy.js

Filesize
6KB

MD5
29c0dd2a8e7c9159b806a8dd5a2aba19

SHA1
85c0ce45e2a244f3beb28e687e134f08ae761092

SHA256
efd98eb112fd02a8456352e98c23b943d9dbbe68abfb911d0d7913dc9a0fe095

SHA512
6f317c59d92dc7df659585aad4d8faf78ec3dc98a1ff979e6fa39f6dcf2bb33fe663aca5caf5d174f681e3b42a6c0658bf05656b82017d11ffeaf98ce6d01c13

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\dist\win10refresh.js

Filesize
13KB

MD5
07f0e4c666cf9929a74b4c4c862b02ba

SHA1
68c83dce1cb1e75a472809df8ff0e11f8b326ece

SHA256
8d5c99342ab0b240343aeb151d61223824abac0f1c4d04c7b11deb6c3ccae638

SHA512
5e1ea317e7c238efdf9808649c46e68026d5be5671d8be5e4131f5a2d0dfe196961d20eac2842f65c216790e18a11eac3b1480662ac6a5ef515d337b49462e99

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\electron-acrylic-window\package.json

Filesize
1KB

MD5
b11d67c4b8e01238a37dc3c106078aee

SHA1
2cc6cafd1ad4091f1f65b791d1434416220cfaa4

SHA256
40e59028faabcfc46ba17c29ae03fa7b7473b5927b07c7aef84069fbc9dbaaec

SHA512
e7af1db88931024d45b389998f3424e202f9c6160d9efbf4bd4db9b452dac7b0b313b920ff32abb13f1a77b38fed42aaf931006290575e49221cec5ff74a8b1c

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\file-uri-to-path\index.js

Filesize
1KB

MD5
d98f7c699c54e0e90f408a44feb3188b

SHA1
0ffd660201ce0749053d108c53e5606b9da158d6

SHA256
e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7

SHA512
7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\file-uri-to-path\package.json

Filesize
505B

MD5
eb504558c70bcbe85d5d1c57500c6d37

SHA1
8319e1ce676a7c41334d8e71165eec209e52a88b

SHA256
4f5e1422fe14c36ceed42f77b90cd53d2ef0506e866880f4704459a2b79a75fb

SHA512
411182c75c0f52c8d80230180d17d679f45ab7e634a6e4566eeafabc2b366bfd8b0dde59099860fc3dc6e23e0e42dc8173e0a10443c72045d8408f6b3107ea6c

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\package.json

Filesize
605B

MD5
dfb2a22859d4432584d2660657abaa9c

SHA1
034e58004f6ee8b360cb5eb781506d7763628b7a

SHA256
af5fdaf4208f51a25145307a74d245086668ad825fddacd08d0cb455c169960e

SHA512
aea7b507cf720aff50e062cd389b7e7449b3847e9ef0215087d11d2633a1e35c0d3dece8fae576c7dd096c088484d641bb7ed19895e05882389d75b26594e23b

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\v8_context_snapshot.bin

Filesize
716KB

MD5
25727ffbdf9cc388e7cce38bbfbdb62a

SHA1
4dc875473b0916ecc602e6e0fc851e460f574be9

SHA256
83031cb1ea99bd520eeb4e29683077163ed4359769d84bb78d373475fb95b1cc

SHA512
439c1dfa8e98a0c9eb62269e4722fa8ebef06fe98149fcd95c5f0f516c07d82caa4975ea1dfe3ab1cf011ee5d29d2f67640f36bdc9cb5eee2cf16d50d4260bc7

Download Submit
C:\Users\Admin\AppData\Local\Programs\rave-desktop\vulkan-1.dll

Filesize
849KB

MD5
c002de503aa378f553b9e1b345402451

SHA1
5409719966e070444fad536b12ae6184c2df2bdc

SHA256
7b0befb159850337f15fce2f644af625cad8d6fc0b3d1abaa523da85c986aecf

SHA512
2f22554650835f4b4431e906542f7f7ae16a326e59169751ac4e67a3dc793288588a225a0f2da98938e2f7984d70efa17afb368098755690914cfb80c0bb8fd8

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
145.3MB

MD5
bdef44ab216a1b6006f3ef3e690e60ed

SHA1
e753e580d6c633b1abf0082e98a984be5ff70b2b

SHA256
7b70753e7091f32f67dbeca9a111c9591de969871e7539981fdc4d9e186eb533

SHA512
4b8344ab32358047c12b16b507eb119da0c02c299794cd8603635100fc268a25cb1e58e7245cfd83573c45bfe555a042a9f8f115daccad375f3d8f1f3b911b6d

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
145.1MB

MD5
c418fa60b1a2419a82c4e66253ba7093

SHA1
215deb646228bb6dda2d1e5e32221e77f383e4fa

SHA256
a7622022dfef8cf8db24ea5160f2038b2c8e7d5e41a4842f8e0eae76a29f247c

SHA512
a6961fdc4c805987765e29a89450248a35e5eb6c026262bcab68ba3b2179516b56a9b04e793d1e48494dccfebb369229e374f455e9c6cf25fa0dd65af15d6762

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
143.8MB

MD5
8146a41c07654ff629b49e5406f71f14

SHA1
b768fe219d0926f91da73beea97cabfb7ec315b4

SHA256
44ccde11a46e14a4b332a04b759dbb8b9d21dd42f5302f07040f10b40d0627d5

SHA512
7e0216cbca66e5c43155039ae2e38ce1ed249c8e6f788bc10b35b511790eff0112d52f0c03edf5b0253f34ff759b800d5fad614c3cb6b2e1fa87b0b828a36fc3

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
143.6MB

MD5
9ea3aae81b8e72f3ed9c4928208c7603

SHA1
7532a32c6651cd4ab6c4534dc51e2e5bf3ff8af0

SHA256
7520e8a1daa143a4dc3d5afce33c18c05ede0778ca5f6fd12e1be0823b52d799

SHA512
f91f1d45f52ed5b7e114697a027e0ff5b4fefab8def88d2fc77f5aab4210342411eff3f40e7817d40bda3eddf1f0b7b7b061d61d489d0ddf422b0d83cfd557bf

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
141.2MB

MD5
0e18d27c30221bd37dbd86828ce73989

SHA1
64050b99248b18f508929582d425fe2340e5e158

SHA256
2fb6aff5f8d29c91770ba80d2635774dd8b08cc88ce98d97ccc25589e763688e

SHA512
bfbf98b66c8dfd5738f83ee2e88983634cfe3b8d1d0f53e8b0b64eabbace9f91cbbc1c451ab6686dba57b020ec42cc9ab3e2a81d0570a743ed5b3e32bb203bc8

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
142.0MB

MD5
4466a81e67bce929da43ec8e894f19f0

SHA1
17ebe18041916eaa3095c3b81d6e0f08059e1952

SHA256
ab63fe0b9945b19b6e96c898d0c44eec9671a20911210e3fd000433677bd6839

SHA512
1a3fc4b7e1b00731c3344b7752af3546ec5f5aa00c9b26fb37e0284b96582f912b8061ba226d02dba040b6bd4967327b2f8fcb2d55d73e1f745a35422e41a1d7

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
141.6MB

MD5
eb13c969daa5f9d71f1e3bcfe3d9efa8

SHA1
7d71500129abcdf909bf67605d86cf74d2392db2

SHA256
b9803f382cc34e48eb836581b1a68063ae7c4024afdd458b467d9c7ed61d91c1

SHA512
da4b1e3154e16be52770752eb04d1d4794c1abae8ebbc082069cbe2faef46f681e90138bf19046bb26a4bfcee01646cec39412d5f1d53bb8c937389f2c32b1d4

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
141.2MB

MD5
0e18d27c30221bd37dbd86828ce73989

SHA1
64050b99248b18f508929582d425fe2340e5e158

SHA256
2fb6aff5f8d29c91770ba80d2635774dd8b08cc88ce98d97ccc25589e763688e

SHA512
bfbf98b66c8dfd5738f83ee2e88983634cfe3b8d1d0f53e8b0b64eabbace9f91cbbc1c451ab6686dba57b020ec42cc9ab3e2a81d0570a743ed5b3e32bb203bc8

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\Rave.exe

Filesize
106.8MB

MD5
a1e41c843e134c4a31f6c6ebb9e11016

SHA1
94d9a2d010b672d6ec9ae7b78a22a889a023b32d

SHA256
14f0ff6919dac5a0651fbf8223397738aeefc3a530c65f5308c7e9ea320954e1

SHA512
8b9be385eb90eae8cc2abba22b251601807ef1521fded30fdf608d845f541739174679b077043074817ada2505495c227ca2ad09189cf068cb9430fd82b185dc

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c4974c924b605bd322c4872d72de90d1

SHA1
20df9433eab24d3291696046646f493794b77cba

SHA256
71d766b4742ca9f7422bb2efc3dc03f2cee509a5a43d241e748cda7aaac24bf4

SHA512
3889648dbb4608ece9c68f1cd5b1601da5b795eade7910764dd4769090cdb209a39acf3986e6e7190745f3bc6b1477a52dfaccb96a7e799eafc0825e2c44a846

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c4974c924b605bd322c4872d72de90d1

SHA1
20df9433eab24d3291696046646f493794b77cba

SHA256
71d766b4742ca9f7422bb2efc3dc03f2cee509a5a43d241e748cda7aaac24bf4

SHA512
3889648dbb4608ece9c68f1cd5b1601da5b795eade7910764dd4769090cdb209a39acf3986e6e7190745f3bc6b1477a52dfaccb96a7e799eafc0825e2c44a846

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\ffmpeg.dll

Filesize
2.7MB

MD5
cfdbd5f42f4755c28cf155fed992564e

SHA1
ea131ab71542088c63532947f3f999fa263b59dd

SHA256
1a2d38cddc0f213c6b9f0803b8c927590f54d5687258be32380ce43f5a040677

SHA512
6a1116cc6d8b795376e7c5ce894cc848c533d88db991188983c9a4530e15500baf79b6e97d4c6cd28384ff156b2f6f36206a758ac3890e7bd590ac7a455a4367

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\ffmpeg.dll

Filesize
2.7MB

MD5
cfdbd5f42f4755c28cf155fed992564e

SHA1
ea131ab71542088c63532947f3f999fa263b59dd

SHA256
1a2d38cddc0f213c6b9f0803b8c927590f54d5687258be32380ce43f5a040677

SHA512
6a1116cc6d8b795376e7c5ce894cc848c533d88db991188983c9a4530e15500baf79b6e97d4c6cd28384ff156b2f6f36206a758ac3890e7bd590ac7a455a4367

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\ffmpeg.dll

Filesize
2.7MB

MD5
cfdbd5f42f4755c28cf155fed992564e

SHA1
ea131ab71542088c63532947f3f999fa263b59dd

SHA256
1a2d38cddc0f213c6b9f0803b8c927590f54d5687258be32380ce43f5a040677

SHA512
6a1116cc6d8b795376e7c5ce894cc848c533d88db991188983c9a4530e15500baf79b6e97d4c6cd28384ff156b2f6f36206a758ac3890e7bd590ac7a455a4367

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\ffmpeg.dll

Filesize
2.7MB

MD5
cfdbd5f42f4755c28cf155fed992564e

SHA1
ea131ab71542088c63532947f3f999fa263b59dd

SHA256
1a2d38cddc0f213c6b9f0803b8c927590f54d5687258be32380ce43f5a040677

SHA512
6a1116cc6d8b795376e7c5ce894cc848c533d88db991188983c9a4530e15500baf79b6e97d4c6cd28384ff156b2f6f36206a758ac3890e7bd590ac7a455a4367

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\ffmpeg.dll

Filesize
2.7MB

MD5
cfdbd5f42f4755c28cf155fed992564e

SHA1
ea131ab71542088c63532947f3f999fa263b59dd

SHA256
1a2d38cddc0f213c6b9f0803b8c927590f54d5687258be32380ce43f5a040677

SHA512
6a1116cc6d8b795376e7c5ce894cc848c533d88db991188983c9a4530e15500baf79b6e97d4c6cd28384ff156b2f6f36206a758ac3890e7bd590ac7a455a4367

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\libEGL.dll

Filesize
458KB

MD5
fad2d41eb0f90a839a2498f87f57bddc

SHA1
e8034d433f11dfeb472fefad85c34c3954f0360c

SHA256
6a5ee2e1b278687244f605ac49bb6c9d4f4b5f7b4c806c0a6d850267a8d7c65b

SHA512
9a14e38c8f707d74be5dea5435e173042083c50608acfe207eda79b139126c1791b1e8146152f0c01ba592e2d84124cae1238bec81506e18ed8666f0f4ddbf5f

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\libEGL.dll

Filesize
458KB

MD5
fad2d41eb0f90a839a2498f87f57bddc

SHA1
e8034d433f11dfeb472fefad85c34c3954f0360c

SHA256
6a5ee2e1b278687244f605ac49bb6c9d4f4b5f7b4c806c0a6d850267a8d7c65b

SHA512
9a14e38c8f707d74be5dea5435e173042083c50608acfe207eda79b139126c1791b1e8146152f0c01ba592e2d84124cae1238bec81506e18ed8666f0f4ddbf5f

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\libGLESv2.dll

Filesize
7.1MB

MD5
69bbaed59fd00552d69bcba67268e4fd

SHA1
e0abd410772c95b57f3400ef12477a5a6983391c

SHA256
a5f7f6a1e1135b7fa6debf7e41cd3ba78572b01f6b3b4f9e70acff6d4c0c6194

SHA512
b9e670f1c3977f0e05f5526f64b1ae9d64e842e1ef55d909cecf4d9732127182ff717cdcccdab1dae77a53039945ee269812773e1c6cbce171038c6187b84398

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\libGLESv2.dll

Filesize
7.1MB

MD5
69bbaed59fd00552d69bcba67268e4fd

SHA1
e0abd410772c95b57f3400ef12477a5a6983391c

SHA256
a5f7f6a1e1135b7fa6debf7e41cd3ba78572b01f6b3b4f9e70acff6d4c0c6194

SHA512
b9e670f1c3977f0e05f5526f64b1ae9d64e842e1ef55d909cecf4d9732127182ff717cdcccdab1dae77a53039945ee269812773e1c6cbce171038c6187b84398

Download Submit
\Users\Admin\AppData\Local\Programs\rave-desktop\resources\app\node_modules\@seorii\win32-displayconfig\build\Release\win32_displayconfig.node

Filesize
651KB

MD5
6576527014240945450abdd3914d90e2

SHA1
4177ccb1b59294a0da0119a617f9f7202d16aadd

SHA256
99d2c0efa514714b531458a2e250778d17ed19d294ee7ec57387909a5d62115c

SHA512
ca2307a0ea960d3bb08efad72c1dad9f58b2548324a2febcdc012883a90b328d8fef2f81c9ae528d79d80081698daef57e2d68e6b7ba895e49e9eb5281f3b78b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsy10B5.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1484-100-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/1688-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download