hxxps://waveexecutor[.]com/WaveTrial[.]rar

Analysis

max time kernel
1385s
max time network
1325s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://waveexecutor.com/WaveTrial.rar

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1688	winrar-x64-700.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{7E40615E-F1E2-4016-B528-36226C9C445F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 530898.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
4088	msedge.exe
4088	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
1316	msedge.exe
1316	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4436	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe

Suspicious use of SetWindowsHookEx 61 IoCs

pid	Process
1688	winrar-x64-700.exe
1688	winrar-x64-700.exe
1688	winrar-x64-700.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
4436	OpenWith.exe
2524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 3308	4088	msedge.exe	84
PID 4088 wrote to memory of 3308	4088	msedge.exe	84
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2472	4088	msedge.exe	85
PID 4088 wrote to memory of 2264	4088	msedge.exe	86
PID 4088 wrote to memory of 2264	4088	msedge.exe	86
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87
PID 4088 wrote to memory of 744	4088	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.com/WaveTrial.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc835446f8,0x7ffc83544708,0x7ffc83544718
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Users\Admin\Downloads\winrar-x64-700.exe
  "C:\Users\Admin\Downloads\winrar-x64-700.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9516001325344961748,2492921480691000296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4436
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\WaveTrial.rar"
  2⤵
  PID:3348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\WaveTrial.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.0.1077777321\1949255064" -parentBuildID 20230214051806 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4701b07-7913-48ec-8a82-56351c9e08bf} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 1844 266afb2be58 gpu
      4⤵
      PID:2408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.1.528966075\152451987" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3de0b259-6554-4232-af74-0a76e41ab814} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 2492 266a2d88058 socket
      4⤵
      Checks processor information in registry
      PID:1636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.2.1908515436\660667511" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 2952 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb449fe8-4c5d-4be1-8ce5-56548bc0e08d} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 3408 266b2b4c058 tab
      4⤵
      PID:4404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.3.585207364\2086070911" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3324 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {903d550a-080d-4982-9905-d30a9a0eb613} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 3336 266a2d79e58 tab
      4⤵
      PID:984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.4.1832881215\1551053266" -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5324 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a3a6512-dac6-4a96-be21-c234d3be924a} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 5336 266b5ad5b58 tab
      4⤵
      PID:396
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.5.504888015\445596901" -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58588436-9b7f-48a5-b5a8-5dbb5c1350c2} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 5560 266b5ad4358 tab
      4⤵
      PID:3424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2524.6.2072663745\562924313" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa8f7fa7-322e-4792-8436-004e30bad9d8} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 5448 266b5ad5e58 tab
      4⤵
      PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1cc5bd15ba4159835803c29940585026

SHA1
b50e1cf53528526fbc8748ad1007dc116981a1f3

SHA256
5ee74320a8bd1c74d348ac4f183a8df0f5b40f3042e4e786079e20e448c6fe0c

SHA512
0e5b9298e6fdff6de6525426adf4a98ca866613460709cb23091d7dba13c020c01f80ba3db71c4333dfe99a90e8ae93e179acac68384850cb859aa397a361394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ec1349453473027092e631d826af8e06

SHA1
016198995967066be3902ba194e03dcf892c461a

SHA256
a4f12817445df7291eb231a2e16e07862c85efc1263b178dc8888a90b09e1962

SHA512
948fe84d65f1096b7d84c90d93a774725640b6af3229565d967e631cbf518b192e56468ec9f19cfd846ed6d70ad10b2a8741134456111cd72fe0287e0c03e2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
034efac5f3e4467682561cec0cb82311

SHA1
a4f1b97cd1089934905079d9f50741a4410515ad

SHA256
bf4344ef5724014708147db309cb0e0ee0adec04950b2c5122e184909f5bb07b

SHA512
0851dd4bdc72ea2b478897cb6480c1f6b2b4b3dd20114026c9b7489f3185914c55d9fb149715f4fc35f71ccac9d47b250e01bf8b8cd41e8090f59a8d16e4b9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a4cffb88b5f2fd7870a2d82e4826368a

SHA1
9a5bf35c26bc5bbd2d1e3577d39eedc0ab627ec4

SHA256
3158a25a29aabb0bf482fc12e279b9ac30b1e409e0ed799217a56f6890519b48

SHA512
4bdc8c829e8783c4e9011d7dd2ca56d8029f73970e4664c8bfb153cdad5df5185c86ec06f0cd7d80294c5d8f057572e67d455eae6180ba9de2d5d1e4fff771ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f96b5a36d6b596e39986fdef8ad5143

SHA1
00d99ef856bb8a3ae687174d722bac604a718238

SHA256
f356e4dbba2ef19144bff1c7109e686dbcbb767ab7cfd8dd23ed2dd386f038e1

SHA512
a8a923d1e63a4e731223244f053475998cb53443777456a85ab8690f7789c38915454c9cb5e68def47fc8615a1e382e25ff7a5c26b142268751049467ec7fccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
002a144c9609cc5901b01b138c8c754e

SHA1
83c9d3cfa44174d07d7624c22075b49e690d23b6

SHA256
7030366aeb621b709ce37f79ac39d00c4b202fd0331ff7733bac11cba7167897

SHA512
e2c0d5b7d7469c38a670a313a7e99c19ce22a1e6231f0991a64e8a617c1cb5727aabf47cccceb584e7f22a62e7895e8769291051d126baea088d6f57704775e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08e85ae5a58ba942b91bc45f45adab13

SHA1
89bfc074962f5cd80c494c0f02659038aff0bd7b

SHA256
3b4290ade2e1940f198d331f0601c52653f55740b867250d19990636951c567d

SHA512
820e76ec45bf42203e8b388e7bb764f9b04e575264b91dccce54224fe268394fe141adcf12c881aa14d0042fecd4d5d12e86faf0d8aac9875321d2cb80b79bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f5a7ee6bd1d4add2502b32c3f21848bf

SHA1
9bb24bc67925a76c518dabd349b52579b940ba98

SHA256
244fc427b72cd78f27268a3c2dc2c0f8b58eff402591b207fff822ba93843add

SHA512
7a1d363bea21577f06828797992527659c916f6a84a50aff5a382aaffdca272d76bc2536b0a844f5831cee4297a2a3a909f25785168f9f8c60760eee3b397cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7acaf3c02186c2de2d6277bf4645bb00

SHA1
738bb9bf2bc77cf424bb7b9882a5c1ef90b4125f

SHA256
1a3572f0872823372f09cfb46086f827954b776c5ac91fe8e3165bc1d3f24a61

SHA512
00094ea75c7c6b52b61b93acf15b6b970ef74d35dc2ae66a683f11476475964b0453b1c2874ae634fb78e1de9c271c6e9e08ce28f7114fd58a5df5e4ae40c68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42c7eb5435038e5df8947002b3bc1f89

SHA1
a0335c254a8ae303a3176e64d4ef8adc73d10ee6

SHA256
55c5f19b825abaa20a31349a394bdbe197b7eac6a6e9cd3561a29d7ea37d4f35

SHA512
978f9748a708f733a06c4b3d32e4aeae268545207e03654b26e591f38ea32439641db80f415035a0ead50aca13d9cbb83d7f5e9379bfc9dc65cec60a1314ee9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
d1bdaed2a3eb4a632a90e609aa72a6d3

SHA1
0efea4934f51be6f4f5b0d5008e649bb6c54d174

SHA256
f605d8432322b92c86ae155241ca34b24fbfa5b3b3d0d9f4fc61f5e521dd74f8

SHA512
7f2c88933550e9de31cd805de2458fcc42bd616305de94643a4fd917196f7edf2b3365db628c2b6186adcfa167e26c4b75ae8a68a831ffa007a3f6ed1f12a8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
92ae143e9fb4e9531c3a3b333bc8ec85

SHA1
352c6c45ba278ca38bde0984b138a16729eb2db3

SHA256
652296522cbd65b8ba9ca45e362670d0246851799cce8dab4e3a38e227277a9a

SHA512
6e5192ecc301781a047c621829c14299965b3b79485f32c574ae6d41022bf739fd33ad8b2c10493e0987f75a3a9222b0b05fc6cce51271cfb441d7a3340ad347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
71a29d8744ef5a4402dda6e412d72c10

SHA1
958dfbe98a2634f78d01537b4a4290c0e2c2ce40

SHA256
34e31232b084ac02f2b49d3671b07af2f722b5be972b0dfcbcdb5e638c4001db

SHA512
c9febe643e4faadd23838cf8db36b78ac1939f4050f4d72628f2f1f0e38ddf27cfac2687a3f255cacabed6205ec074914dfd6b280c5023eabe9bb2dc026dfcb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c87b.TMP

Filesize
536B

MD5
ec6a627ca271ded29b70bdfbbd714cc5

SHA1
c6db339ebe28604e9ca61620bcca811373aa40c0

SHA256
23d39186d1da732096168345bb3d32b4444a8a9117d09abc486770f512936c42

SHA512
f38a32e85dc04537969cd64ed78acac1ac756f38452919c2a40074fffe51e47f916218d45d0ca80ea2b31db2d908337cf1e6495eef09a6b0c249f4052694b072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
62b9fd062eec4bb7a63d1183efb751f1

SHA1
acfe8e8955402dd7439eef9a21102558cfbb787c

SHA256
4636f8793fc1cd98143a8a142744041c710ab73a17ae7be520cf41d55c32aa62

SHA512
632e0d99a8b93e0eaa4b9acefcab63923aee3a6dc8d8e70ae390b79e053a95618e332bf3021b5b6bc9d344cc5b03752052bb922104cf6f448ea9df177bb6d56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8c10ae506f5a52299147a74b48e48a69

SHA1
b15c2b1a0d5722fde8ca245c367e8fe0be88ad00

SHA256
20e6ca1119f85b0d87b32e0aa42d573128b318f599610d0608b5d08a1049dd33

SHA512
b2e53e79a9f4c9f50a6922dff616cf4556187dd0b73031706ebf14f813a063341fcf5eb01226ac19298c6c494f4dbcf156f699b659cefbcf58c77cc1682b1c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9fef03bb94ebd6aebdbcc1afc789dd27

SHA1
ee786db35222793b287dd55e1292537fd9d2d189

SHA256
dd893f923a80b102435a07ad15ad50a8bd22bf5a6ed06666532d345c00fd9762

SHA512
4e94ab5465c264ce6c8187d806100436104e6e56b36c9cdeed870d4cb266c968c27c02f9a7e892c913de7e177f6523274af475953e02ceebbaeaa249ac4cae1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
d385ba4027c8a72a15616d61ca2a0a2c

SHA1
38b99b4a3f8f00f922f85afd0388640da7f3a39e

SHA256
52e1d9db01f3d80bcef14e4aa302ef9bf76105f8f909bce0e47547fa683efb91

SHA512
9a162e88e6dd28f329844f84c6f3534328e028bb7d69f6de3ff54b4085b4c85c8aab0144aab56af54a950f1413633c8c4ee2f6ecf3bbc0e54e0d3014744a9da2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
d8b5247120060baf522bd2300fdc157e

SHA1
115d6defaf00f3f53a6d84b8a8cd6af28b46f618

SHA256
42761c2c75be559bb77ec69be3c6b34dd501cdccead8644e38fe6d6e69b69b7b

SHA512
e83de2e09a954cf2e24b2e1f5ccdbef14a551b535c4e82b244321b5f1fcf071d8fd978501e265e0cadfdfcc54f5ef5e43dcf47b96249950ec0860375ee6256af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js

Filesize
6KB

MD5
e316cd420732309f24b8e09d7c6d66ef

SHA1
439a138f83a7626e5bef6b76b6ea3c8e3e4cfc66

SHA256
c44fe77841276d314fd1121158d5544bb34ed1c5c48b389c0f5971dc1752c36f

SHA512
11028c9a034234f553d4c0e5e01401deee412676869ab00589e221fdbc05b5be992cc51d7ddad932fb2c834c46716e8a2f3e6be7666e4a7d63ae146cafd1236a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js

Filesize
6KB

MD5
8e9c7620627db2d740f4afb74f5337a4

SHA1
51ab5d34e2914aeb31362eeed1bb80cef565d406

SHA256
58c2969565cdd79d0cdcb2d28fea37db24dcde1c3cc9be13cad3ac4393db8b29

SHA512
04b5160d249eeca82b11e7cdddca3ef944aa830ae25dcc57e7f473d86ecf7d136634a1858b46d0e0bf575431ab56b0b733f5c9d582318a8cd99ec6ad7f3e1240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js

Filesize
6KB

MD5
a06402399f2307c0ae33690f156e0b66

SHA1
e96086b7e4bb5fdf4f4064035e9d729a34f2ee37

SHA256
a891c5902b33613b0211baf13063c0836fb60a88ad260c6d7539bf200740a297

SHA512
4abb214cbd6bd3c8ee25b424e848e3169c3dbdce980eadf1deaa9654fb9862e0ec187ab3b0acaaf4b47cfde91862fb0dfb4040344630a3c8ad6eb6662ebcea5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore.jsonlz4

Filesize
628B

MD5
b5ada0c6518a12b757ae976322de4547

SHA1
6ce918807b4fbf5d0bea8b059e0090741d43eba2

SHA256
fa7ccd451e293f4487954e81be8efe1ef514e0ecc61ffac5becc609cebbd53b2

SHA512
5666546e8fb3f8883837192a73510606b55ee62ab51db2ad0b433007596080e1df34ddcd7bb4382ab7aceba2c2727aa6ce84c9705bf5d3d5d75e5566772d226b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 530898.crdownload

Filesize
3.0MB

MD5
bb5dca21d26b15b22523a257e5307829

SHA1
6e6c9aabd43388108e2a8d76697f5ed862f83f16

SHA256
90beebae7a0cfee31209d3a5dddcceaab5f29268832d647911c8221fb9748098

SHA512
b8af94aeb97f7eb17bc7ea21da66777bb5ae15516c9bedcef168558159e1c36b7535a96c989b239712afec08f1419824e76d3053bd311b1f4ac2901b695d0fae

Download Submit
C:\Users\Admin\Downloads\WaveTrial.rar

Filesize
156.4MB

MD5
0159c8632597db4afc30105f24cdd3ea

SHA1
5e80272c6ff0d820cdb0a4f98f7fbf0d558f5957

SHA256
0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2

SHA512
587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit