Resubmissions
07/05/2024, 12:48
240507-p18yvsba33 807/05/2024, 12:30
240507-ppqm5sfg5t 807/05/2024, 12:09
240507-pbxvashg57 9Analysis
-
max time kernel
1050s -
max time network
1049s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
07/05/2024, 12:30
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
-
Downloads MZ/PE file
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral1/memory/1932-2856-0x00000000738D0000-0x00000000738D9000-memory.dmp acprotect behavioral1/files/0x001900000002ae87-2789.dat acprotect -
Executes dropped EXE 64 IoCs
pid Process 2236 extra-ram_softradar-com.exe 4580 extra-ram_softradar-com.tmp 1504 ExtraRAM.exe 2856 Setup (1).exe 1932 Wave Browser.exe 2940 SWUpdaterSetup.exe 4480 SWUpdater.exe 3880 SWUpdater.exe 1884 SWUpdaterComRegisterShell64.exe 1788 SWUpdaterComRegisterShell64.exe 4460 SWUpdaterComRegisterShell64.exe 2664 SWUpdater.exe 796 SWUpdater.exe 2796 SWUpdater.exe 4948 WaveInstaller-v1.3.16.1.exe 4764 setup.exe 492 setup.exe 3096 nseD4C6.tmp 1876 setup.exe 2220 setup.exe 1512 wavebrowser.exe 3644 wavebrowser.exe 956 wavebrowser.exe 4892 wavebrowser.exe 5140 wavebrowser.exe 400 wavebrowser.exe 5336 wavebrowser.exe 5988 wavebrowser.exe 6000 SWUpdater.exe 5184 wavebrowser.exe 5236 wavebrowser.exe 5252 wavebrowser.exe 5152 wavebrowser.exe 5172 wavebrowser.exe 5192 wavebrowser.exe 5176 wavebrowser.exe 5352 wavebrowser.exe 5644 wavebrowser.exe 5652 wavebrowser.exe 5128 wavebrowser.exe 5304 wavebrowser.exe 5904 wavebrowser.exe 1060 wavebrowser.exe 5800 wavebrowser.exe 5872 wavebrowser.exe 4368 wavebrowser.exe 2124 wavebrowser.exe 5444 wavebrowser.exe 5864 wavebrowser.exe 3120 wavebrowser.exe 5816 wavebrowser.exe 5336 wavebrowser.exe 5748 wavebrowser.exe 828 wavebrowser.exe 4544 PcAppStore.exe 5548 wavebrowser.exe 5448 Watchdog.exe 5436 wavebrowser.exe 4984 wavebrowser.exe 5924 wavebrowser.exe 1060 wavebrowser.exe 6172 wavebrowser.exe 6352 wavebrowser.exe 6664 wavebrowser.exe -
Loads dropped DLL 64 IoCs
pid Process 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 1932 Wave Browser.exe 4480 SWUpdater.exe 3880 SWUpdater.exe 1884 SWUpdaterComRegisterShell64.exe 3880 SWUpdater.exe 1788 SWUpdaterComRegisterShell64.exe 3880 SWUpdater.exe 4460 SWUpdaterComRegisterShell64.exe 3880 SWUpdater.exe 2664 SWUpdater.exe 796 SWUpdater.exe 2796 SWUpdater.exe 2796 SWUpdater.exe 796 SWUpdater.exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 3096 nseD4C6.tmp 2856 Setup (1).exe 3096 nseD4C6.tmp -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 55 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{30FB944E-9455-49DD-81C6-7542E47AA3E7}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}\LocalServer32 SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{30FB944E-9455-49DD-81C6-7542E47AA3E7}\LocalServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32 setup.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\1.3.16.1\\notification_helper.exe" setup.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser.dll" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser.dll" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{9E0CE9B5-C498-40A8-B7F2-B89AF1C56FFF}\LocalServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{9E0CE9B5-C498-40A8-B7F2-B89AF1C56FFF}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\SWUpdater.exe\"" SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\LocalServer32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser.dll" SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\LocalServer32 SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\1.3.16.1\\notification_helper.exe\"" setup.exe -
resource yara_rule behavioral1/memory/1932-2856-0x00000000738D0000-0x00000000738D9000-memory.dmp upx behavioral1/files/0x001900000002ae87-2789.dat upx -
Adds Run key to start application 2 TTPs 5 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\Extraram = "C:\\Program Files (x86)\\Extra RAM\\ExtraRAM.exe" ExtraRAM.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterCore.exe\"" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" nseD4C6.tmp Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" nseD4C6.tmp Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=A3A1C297-EDB6-403A-B657-0094DC11D6D9X /rid=20240507124245.898241329796 /ver=fa.1091c" nseD4C6.tmp -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe -
Enumerates connected drives 3 TTPs 5 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: PcAppStore.exe File opened (read-only) \??\D: OperaGXSetup.exe File opened (read-only) \??\F: OperaGXSetup.exe File opened (read-only) \??\D: OperaGXSetup.exe File opened (read-only) \??\F: OperaGXSetup.exe -
Checks system information in the registry 2 TTPs 4 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName wavebrowser.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer wavebrowser.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName NW_store.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer NW_store.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF NW_store.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF NW_store.exe File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF wavebrowser.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF wavebrowser.exe -
Drops file in Program Files directory 18 IoCs
description ioc Process File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\psuser_64.dll SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\swupdaterres_en.dll SWUpdaterSetup.exe File opened for modification C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdaterSetup.exe SWUpdaterSetup.exe File opened for modification C:\Program Files (x86)\Wavesor\Temp\GUTC62F.tmp SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdaterBroker.exe SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdater.exe SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\psmachine.dll SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\psuser.dll SWUpdaterSetup.exe File created C:\Program Files (x86)\Extra RAM\is-V6GA3.tmp extra-ram_softradar-com.tmp File opened for modification C:\Program Files (x86)\Extra RAM\unins000.dat extra-ram_softradar-com.tmp File created C:\Program Files (x86)\Extra RAM\unins000.dat extra-ram_softradar-com.tmp File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdaterCore.exe SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdaterOnDemand.exe SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdaterComRegisterShell64.exe SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\psmachine_64.dll SWUpdaterSetup.exe File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdaterSetup.exe SWUpdaterSetup.exe File created C:\Program Files (x86)\Extra RAM\is-DVBUB.tmp extra-ram_softradar-com.tmp File created C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\swupdater.dll SWUpdaterSetup.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\VG wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\PK wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\GL wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\BO wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\SX wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\SJ wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\MZ wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\KW wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\AD wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\NZ wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\HK wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\CG wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\AG wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\BH wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_1416815177\kp_pinslist.pb wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\TW wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\SH wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\NG wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\MY wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\KE wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\SI wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\QA wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\JM wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\EC wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\DJ wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\UY wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\GA wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\manifest.fingerprint wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\AZ wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\VC wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\NU wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\NL wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\LY wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\GY wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\BA wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\manifest.json wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_1843464599\LICENSE wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_1211601080\manifest.fingerprint wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\IN wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\GR wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\CO wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\BQ wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\YT wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\JE wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\EG wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\XK wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\TC wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\PR wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\KP wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\BS wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\BR wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_179134760\manifest.json wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\MV wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\ME wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\IL wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_1416815177\manifest.fingerprint wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\ZW wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\LI wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_1180647089\manifest.fingerprint wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\SC wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\MG wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\KY wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\ER wavebrowser.exe File created C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1512_984910190\GN wavebrowser.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
resource yara_rule behavioral1/files/0x001a00000002ac90-747.dat nsis_installer_1 behavioral1/files/0x001a00000002ac90-747.dat nsis_installer_2 -
Enumerates system info in registry 2 TTPs 9 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS wavebrowser.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer wavebrowser.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName NW_store.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer NW_store.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName wavebrowser.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS NW_store.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies data under HKEY_USERS 3 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry wavebrowser.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595593655036179" wavebrowser.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry NW_store.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{92333BDA-3022-4A7F-8858-081260EA85DE}\NumMethods\ = "4" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{730EBDF4-7AD2-4516-BF1A-6C6F28C60CF9} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WavesorSWUpdater.Update3WebUser\CLSID SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\NumMethods\ = "4" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\NumMethods\ = "8" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\NumMethods\ = "8" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4} SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WaveBrwsHTM.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\ApplicationCompany = "Wavesor Software" setup.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WavesorSWUpdater.Update3WebUser.1.0\ = "SWUpdater Update3Web" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ = "IRegistrationUpdateHook" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{97518FC7-7CA2-4921-BC40-F4A07E221C1C}\NumMethods\ = "10" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\NumMethods\ = "16" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}\ = "IProgressWndEvents" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{6130C56B-9B2C-4D5D-8160-C7A583B5DC3B}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\ = "IAppVersion" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437} SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\NumMethods\ = "4" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{97518FC7-7CA2-4921-BC40-F4A07E221C1C}\NumMethods SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E}\NumMethods\ = "5" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{730EBDF4-7AD2-4516-BF1A-6C6F28C60CF9}\ = "IProcessLauncher" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602} SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ = "IRegistrationUpdateHook" SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\ = "ICoCreateAsync" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WavesorSWUpdater.OnDemandCOMClassUser\ = "SWUpdater Legacy On Demand" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ = "IGoogleUpdate3WebSecurity" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{62A51DF2-CCB8-4DD9-9069-34B8461617FC}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E}\NumMethods\ = "5" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WaveBrwsHTM.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\ApplicationIcon = "C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\wavebrowser.exe,0" setup.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E} SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{92333BDA-3022-4A7F-8858-081260EA85DE}\NumMethods\ = "4" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\NumMethods\ = "16" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\ = "IJobObserver" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\ProxyStubClsid32 SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\NumMethods\ = "41" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WavesorSWUpdater.OnDemandCOMClassUser.1.0\CLSID\ = "{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{6130C56B-9B2C-4D5D-8160-C7A583B5DC3B}\ = "IApp2" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\CLSID\{2B2AD342-8BBC-40AD-AF1B-6887EAB9D3D0}\InprocHandler32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\WOW6432Node\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe -
NTFS ADS 14 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 518948.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 559989.crdownload:SmartScreen msedge.exe File created C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA OperaGXSetup.exe File opened for modification C:\Users\Admin\Downloads\download.htm:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 143782.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Setup (1).exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 831317.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Wave Browser.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\extra-ram_softradar-com.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 304212.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 277505.crdownload:SmartScreen msedge.exe File created C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap NW_store.exe File created C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:SmartScreen:$DATA OperaGXSetup.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4448 msedge.exe 4448 msedge.exe 4488 msedge.exe 4488 msedge.exe 2368 msedge.exe 2368 msedge.exe 2340 identity_helper.exe 2340 identity_helper.exe 2596 msedge.exe 2596 msedge.exe 3544 msedge.exe 3544 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 956 msedge.exe 956 msedge.exe 3740 msedge.exe 3740 msedge.exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 4480 SWUpdater.exe 4480 SWUpdater.exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 2856 Setup (1).exe 3096 nseD4C6.tmp 3096 nseD4C6.tmp 3096 nseD4C6.tmp 3096 nseD4C6.tmp 3096 nseD4C6.tmp 3096 nseD4C6.tmp 4764 setup.exe 4764 setup.exe 4764 setup.exe 4764 setup.exe 4764 setup.exe 4764 setup.exe 4764 setup.exe 4764 setup.exe 4480 SWUpdater.exe 4480 SWUpdater.exe 4480 SWUpdater.exe 4480 SWUpdater.exe 5448 Watchdog.exe 5448 Watchdog.exe 5448 Watchdog.exe 5448 Watchdog.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 6024 NW_store.exe 6024 NW_store.exe 6024 NW_store.exe 6024 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: 33 1696 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1696 AUDIODG.EXE Token: SeDebugPrivilege 4480 SWUpdater.exe Token: SeDebugPrivilege 4480 SWUpdater.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeSecurityPrivilege 7372 msiexec.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe Token: SeCreatePagefilePrivilege 1512 wavebrowser.exe Token: SeShutdownPrivilege 6812 NW_store.exe Token: SeCreatePagefilePrivilege 6812 NW_store.exe Token: SeShutdownPrivilege 1512 wavebrowser.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 1504 ExtraRAM.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4544 PcAppStore.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe 4488 msedge.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 4544 PcAppStore.exe 1504 ExtraRAM.exe 1504 ExtraRAM.exe 1504 ExtraRAM.exe 1504 ExtraRAM.exe 1504 ExtraRAM.exe 1504 ExtraRAM.exe 4488 msedge.exe 4488 msedge.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1512 wavebrowser.exe 1504 ExtraRAM.exe 4544 PcAppStore.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 4544 PcAppStore.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe 6812 NW_store.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4488 wrote to memory of 1784 4488 msedge.exe 79 PID 4488 wrote to memory of 1784 4488 msedge.exe 79 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4408 4488 msedge.exe 80 PID 4488 wrote to memory of 4448 4488 msedge.exe 81 PID 4488 wrote to memory of 4448 4488 msedge.exe 81 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 PID 4488 wrote to memory of 4252 4488 msedge.exe 82 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4488 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd82⤵PID:1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:22⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:82⤵PID:4252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵PID:472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:2756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:12⤵PID:3140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵PID:1204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:82⤵PID:4736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵PID:856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:2000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵PID:2080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:12⤵PID:2004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:12⤵PID:1892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:12⤵PID:4916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵PID:4364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵PID:5060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵PID:2024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:12⤵PID:1472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:12⤵PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:82⤵PID:3256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:12⤵PID:3404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:12⤵PID:3332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:12⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵PID:3096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:12⤵PID:852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵PID:3140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:2180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:12⤵PID:2868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:2604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵PID:3564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7084 /prefetch:82⤵PID:2996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:12⤵PID:1900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:12⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:12⤵PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵PID:3552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6764 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:12⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:12⤵PID:4628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7316 /prefetch:82⤵PID:968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:12⤵PID:1460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵PID:2356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:12⤵PID:3108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵PID:2628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:12⤵PID:4088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵PID:2340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:12⤵PID:3720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:12⤵PID:1116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:12⤵PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:12⤵PID:4788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:12⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:12⤵PID:3892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:12⤵PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵PID:1008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:12⤵PID:4792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:12⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵PID:3052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:12⤵PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:12⤵PID:3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8012 /prefetch:82⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:12⤵PID:1520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:12⤵PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵PID:3756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:3068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:12⤵PID:3124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:12⤵PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:12⤵PID:996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:12⤵PID:1524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:12⤵PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:12⤵PID:1436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵PID:3720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:12⤵PID:3924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵PID:3296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:12⤵PID:3440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:12⤵PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:4492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:12⤵PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:12⤵PID:2464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7008 /prefetch:82⤵PID:1500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:12⤵PID:3532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:12⤵PID:6564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7804 /prefetch:82⤵
- NTFS ADS
PID:7564
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Enumerates connected drives
- NTFS ADS
PID:6208 -
C:\Users\Admin\Downloads\OperaGXSetup.exeC:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2ec,0x725c4208,0x725c4214,0x725c42203⤵PID:2088
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version3⤵PID:5004
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6208 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240507124325" --session-guid=36398880-306f-465c-a13a-190ec9642bdc --server-tracking-blob=M2FjY2UxYTc0NzQ3YzUyN2Y5NmRmODlkZGFlMjA2MmI4MTUzZjJiYTJmMjQxZGViNjZiZWYzNWM3MmNlNjU0NTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5kb3dubG9hZC1hbmQtcGxheS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL2VkaXRpb24vc3RkLTI/dXRtX3NvdXJjZT1QV05nYW1lcyZ1dG1fbWVkaXVtPXBhJnV0bV9jYW1wYWlnbj1QV05fR0JfU1ZSX0REXzM3MDcmdXRtX2lkPTFjOWU4YzFhOWY2MjQzY2FhMGY3ZTU4MTAyNGE2N2YxJnV0bV9jb250ZW50PTM3MDdfMSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNTA4NTY3Ny44Mjc5IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkwLjAuNDQzMC4yMTIgU2FmYXJpLzUzNy4zNiBFZGcvOTAuMC44MTguNjYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfU1ZSX0REXzM3MDciLCJjb250ZW50IjoiMzcwN18xIiwiaWQiOiIxYzllOGMxYTlmNjI0M2NhYTBmN2U1ODEwMjRhNjdmMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjFkZDg0ZGI5LWY1ZDMtNDI5ZC04N2Q0LWNmMjUzZDlhZTQ5OSJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=70080000000000003⤵
- Enumerates connected drives
PID:1740 -
C:\Users\Admin\Downloads\OperaGXSetup.exeC:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0x71424208,0x71424214,0x714242204⤵PID:8148
-
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"3⤵PID:8088
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\assistant\assistant_installer.exe" --version3⤵PID:5056
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x344f48,0x344f58,0x344f644⤵PID:3448
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:12⤵PID:7876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:12⤵PID:8056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8388 /prefetch:82⤵
- NTFS ADS
PID:7600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:12⤵PID:6824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4801676357932956197,11237112931997632915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:12⤵PID:5172
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5036
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1596
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C81⤵
- Suspicious use of AdjustPrivilegeToken
PID:1696
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:4160
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C81⤵PID:1732
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1400
-
C:\Users\Admin\Downloads\extra-ram_softradar-com.exe"C:\Users\Admin\Downloads\extra-ram_softradar-com.exe"1⤵
- Executes dropped EXE
PID:2236 -
C:\Users\Admin\AppData\Local\Temp\is-JI6DF.tmp\extra-ram_softradar-com.tmp"C:\Users\Admin\AppData\Local\Temp\is-JI6DF.tmp\extra-ram_softradar-com.tmp" /SL5="$6028E,260343,54272,C:\Users\Admin\Downloads\extra-ram_softradar-com.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4580 -
C:\Program Files (x86)\Extra RAM\ExtraRAM.exe"C:\Program Files (x86)\Extra RAM\ExtraRAM.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1504
-
-
-
C:\Users\Admin\Downloads\Setup (1).exe"C:\Users\Admin\Downloads\Setup (1).exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2856 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=A3A1C297-EDB6-403A-B657-0094DC11D6D9X&winver=22000&version=fa.1091c&nocache=20240507124208.151&_fcid=17150851074516422⤵PID:2992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x124,0x128,0x104,0x12c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd83⤵PID:3628
-
-
-
C:\Users\Admin\PCAppStore\Temp\nseD4C6.tmp"C:\Users\Admin\PCAppStore\Temp\nseD4C6.tmp" /internal 1715085107451642 /force2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:3096 -
C:\Users\Admin\PCAppStore\PcAppStore.exe"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4544 -
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe.\nwjs\NW_store.exe .\ui\.4⤵
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6812 -
C:\Users\Admin\PCAppStore\nwjs\NW_store.exeC:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x7ff8a126a960,0x7ff8a126a970,0x7ff8a126a9805⤵
- Suspicious behavior: EnumeratesProcesses
PID:6024
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1888 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:25⤵PID:6864
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2092 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:35⤵PID:6980
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2164 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:85⤵PID:6924
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:25⤵
- NTFS ADS
PID:6452
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4364 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:85⤵PID:3332
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=612 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:85⤵PID:7896
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3728 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:85⤵PID:4756
-
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=452 --field-trial-handle=1892,i,10350168331215345216,8476415042260057774,262144 --variations-seed-version /prefetch:85⤵
- Drops file in System32 directory
PID:3084
-
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --single-argument https://pcapp.store/?p=lpd_av_r8_fastapp&guid=A3A1C297-EDB6-403A-B657-0094DC11D6D9X&oid=13564⤵PID:7728
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.1 --initial-client-data=0x11c,0x120,0x124,0xb0,0x128,0x7ff8a15e48b0,0x7ff8a15e48c0,0x7ff8a15e48d05⤵PID:8064
-
-
-
-
C:\Users\Admin\PCAppStore\Watchdog.exe"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=A3A1C297-EDB6-403A-B657-0094DC11D6D9X /rid=20240507124245.898241329796 /ver=fa.1091c3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5448
-
-
-
C:\Users\Admin\Downloads\Wave Browser.exe"C:\Users\Admin\Downloads\Wave Browser.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1932 -
C:\Users\Admin\AppData\Local\Temp\nsrB508.tmp\SWUpdaterSetup.exe"C:\Users\Admin\AppData\Local\Temp\nsrB508.tmp\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2940 -
C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdater.exe"C:\Program Files (x86)\Wavesor\Temp\GUMC61E.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4480 -
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks whether UAC is enabled
- Modifies registry class
PID:3880 -
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1884
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1788
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4460
-
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9IntCNkE2MENDNi0yNkQ0LTQ5REEtQjNDOC02NEZGRTU1MUFBNTl9IiB1c2VyaWQ9Ins4NWY3NGY4OS1kMDE5LTRlMzgtYWJkNS05OTU0YjUxY2VmMzh9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezE5MUQwMzFDLTRCMDItNDE0My1CMkUxLTIzRTZBNDdFQzgxNH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntGNkY2MEFDRS03MUFELTQ2MTAtODBENC05MjUzNzI5RkI0Qjd9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTMzLjAiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI4NzQiLz48L2FwcD48L3JlcXVlc3Q-4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:2664
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{B6A60CC6-26D4-49DA-B3C8-64FFE551AA59}"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:796
-
-
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:2796 -
C:\Users\Admin\Wavesor Software\SWUpdater\Install\{08B4FECC-DF52-48C0-BEFB-8D7CDD3BB021}\WaveInstaller-v1.3.16.1.exe"C:\Users\Admin\Wavesor Software\SWUpdater\Install\{08B4FECC-DF52-48C0-BEFB-8D7CDD3BB021}\WaveInstaller-v1.3.16.1.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\gui1D18.tmp"2⤵
- Executes dropped EXE
PID:4948 -
C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\wavebrowser.packed.7z" --wid=tisbnhkn --make-chrome-default --installerdata="C:\Users\Admin\AppData\Local\Temp\gui1D18.tmp"3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4764 -
C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.1 --initial-client-data=0x2b0,0x2b4,0x2b8,0x280,0x2bc,0x7ff7896ada10,0x7ff7896ada20,0x7ff7896ada304⤵
- Executes dropped EXE
PID:492
-
-
C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\gui1D18.tmp" --create-shortcuts=0 --install-level=04⤵
- Executes dropped EXE
PID:1876 -
C:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\nse2055.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.1 --initial-client-data=0x2b0,0x2b4,0x2b8,0x280,0x2bc,0x7ff7896ada10,0x7ff7896ada20,0x7ff7896ada305⤵
- Executes dropped EXE
PID:2220
-
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --prevdefbrowser=6 --install-type=1 --from-installer4⤵
- Executes dropped EXE
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1512 -
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.1 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a15e48b0,0x7ff8a15e48c0,0x7ff8a15e48d05⤵
- Executes dropped EXE
PID:3644
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1864 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:25⤵
- Executes dropped EXE
PID:956
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:4892
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:400
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5128
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5140
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5336
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5988
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4572 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5184
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4564 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5236
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4788 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5252
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5152
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5172
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5144 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5192
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5260 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5176
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5376 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5304
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5492 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5352
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6068 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5644
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6188 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5652
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6456 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵
- Executes dropped EXE
PID:5904
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:1060
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6776 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5800
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6912 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5872
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7068 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:4368
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7212 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:2124
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5444
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7360 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5864
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7440 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:3120
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5816
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7216 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5336
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5748
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7332 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:828
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7140 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5548
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7456 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5436
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7100 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:4984
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7188 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5924
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5856 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:1060
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:6172
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7872 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:6352
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8012 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵
- Executes dropped EXE
PID:6664
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8156 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6460
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8308 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:2540
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8148 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6812
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8584 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6804
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7868 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:3096
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8856 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:5972
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8864 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6544
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9136 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6716
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9132 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6960
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9412 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6932
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9544 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:7096
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9680 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:4840
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9824 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:4948
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7140 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:5660
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7004 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:2908
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8880 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:7132
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7916 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:920
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7940 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:2796
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7876 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:3988
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7884 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:1076
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7112 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:6196
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4300 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:5396
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=3812 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:6840
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6280 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:5800
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:3120
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6048 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:7264
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7772 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:8024
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7112 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:8012
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8064 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:5668
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=5912 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:7668
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:5004
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8764 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:7448
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=7092 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:25⤵
- Drops file in System32 directory
PID:724
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7360 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:3892
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8820 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:6708
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6812 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:2552
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6448 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:5464
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8840 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:1412
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9212 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:7220
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:5312
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5780 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:7920
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5624 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:85⤵PID:224
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=8144 --field-trial-handle=1872,i,18358549964331041449,10126861316998068101,262144 /prefetch:15⤵PID:7768
-
-
-
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9IntCNkE2MENDNi0yNkQ0LTQ5REEtQjNDOC02NEZGRTU1MUFBNTl9IiB1c2VyaWQ9Ins4NWY3NGY4OS1kMDE5LTRlMzgtYWJkNS05OTU0YjUxY2VmMzh9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezA2RDU1RTdFLTY4MDctNEIzQS1CM0NCLUE2RDZGOUI1NEUwRH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntFQjE0OUFEMi1DRTRFLTRGNTEtQjdGQy1BMTQ5RkFBNENDQUZ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTYuMSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly9jZG4uc3d1cGRhdGVyLmNvbS9idWlsZC9XYXZlQnJvd3Nlci9zdGFibGUvd2luLzExMTIzOTc1NzgyNDEvNjQvV2F2ZUluc3RhbGxlci12MS4zLjE2LjEuZXhlIiBkb3dubG9hZGVkPSI5ODUxMTI4OCIgdG90YWw9Ijk4NTExMjg4IiBkb3dubG9hZF90aW1lX21zPSIxMTYwNCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjU3NSIgZG93bmxvYWRfdGltZV9tcz0iMTIzMzEiIGRvd25sb2FkZWQ9Ijk4NTExMjg4IiB0b3RhbD0iOTg1MTEyODgiIGluc3RhbGxfdGltZV9tcz0iMTE4ODEiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
PID:6000
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7372
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:7436
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc1⤵PID:7468
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /c1⤵
- Checks whether UAC is enabled
PID:8128 -
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /cr2⤵
- Checks whether UAC is enabled
PID:3564
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource scheduler1⤵
- Checks whether UAC is enabled
PID:5856 -
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper2⤵
- Checks whether UAC is enabled
PID:6092
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding1⤵
- Checks whether UAC is enabled
PID:3344
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
541KB
MD5296bb95222cadfcf5c032d78d3f52736
SHA12e38782335d4f349383933cab90fa9656d6e3fb0
SHA256d9390e7590630c349cb7c0ec4b5ba8b459d646c3c820d9047ab171f6a77272d5
SHA512ccc393b09f94c1ad01357bcd441b0132602de956bc0a16d646f6bb7b24b0d2c243fa392e6ae5f3483eb546ed07af1c42529623837058ca2eebffa36707fc3754
-
Filesize
64KB
MD52dfea8f2284ea5ebbacf248ba723a497
SHA1db01ac6b1b30f23a63497e2e15f0eee039d71a92
SHA256d8e5aa8571911ab40a8f77a9ffcc4701012b15f73579d2d796d472781cd49f58
SHA51292e05035716c747bf13b3e4caec4bf7e3eea9c0d685c0c0a1fab437da13622c3392deb6534dcbedce5d43b2dbebb2f2da0c5629d506904bd0a0c7dc712fe1da1
-
Filesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize
1008B
MD5aa87c29969db353861e9086bd0c23072
SHA1fe618e6d503b0dd2409281e33ddcfc43edfa948a
SHA256f1e59413f48f9c24524694e8d462a3fbc1fd4af9f5b315eb8571ee23e9c00248
SHA512046d576162116376ec9aa9b21a14a442dbffb30a6020235ef5526fc0839543ca8309c8d2c9f6002141c2778d2d7bcb67d07edb21521b181cf10b063a5b77653a
-
Filesize
64KB
MD57119cee8c52ce1ca22890ca45bebba27
SHA1a8292fd51a05a8d6697db3dbb5a15a743019a019
SHA25653178bac0a9f65e4f9a5c5a29dec03d0d34a048aaed4fa8625b68004725bcdeb
SHA512197fd9a7cff0127cdbf3769bd1ec3c0f97f28782e6569f71484d0d459d313c057472b38a94f79b96ca6e5a4ca698c59ad25a929912a641e758f3561480600fcf
-
Filesize
976B
MD55da7aad8df6342db4528ce16b4f4e467
SHA108917ed58cc5bfdfdf2a34de4275356affdf2d2c
SHA256690c594920f91b28ca311b79af9888c924db3b4fd31f3eb7e480045749b65307
SHA512043c94c4695499e7a2047a9ae670942edf21822ff1a0a4c087fa008c64aa983eb2b34ddf27add6cdef091dac2bd7e5e282cb517128f983d51bf47e3391130880
-
Filesize
152B
MD5ade01a8cdbbf61f66497f88012a684d1
SHA19ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b
-
Filesize
152B
MD5d0f84c55517d34a91f12cccf1d3af583
SHA152bd01e6ab1037d31106f8bf6e2552617c201cea
SHA2569a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA51294764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD5d2d55f8057f8b03c94a81f3839b348b9
SHA137c399584539734ff679e3c66309498c8b2dd4d9
SHA2566e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA5127bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
37KB
MD5c912655c8d691e1a190dbec03d14e653
SHA1a90a6ea007e121441a0d9c48ea4073a635085f6b
SHA25635e5f055ba3fc9eb6c89884d533f5484fcb335d0e226145d7ea7a6a1e2da6fae
SHA512c606bf2711a2be266c69a702d60bbc0d66dc6655c88dd669932f9c3954941a44d6a09e25bf60272ba5e0ba09ee65f4a3d8bd33a215ed2eb76ed601f06fa984d2
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
Filesize
1.2MB
MD55ab2d1f8cd709d40a8ea424bb51be98e
SHA15423cdf5c8eb1f57c0c330617cf2277b1283b6b4
SHA256bfda89ab36691c4c6e8e8db2ee2b4bdccdb4d624410d97889f82c31d176facea
SHA512912b41117f1603d903848822ad61bea5f9561c95049c1c689cb36be40f2cb58f7cc92fae4fd8b47297a127e816c657afa7bbbb3c087c21d80d9bc31639237dc3
-
Filesize
32KB
MD5bbc7e5859c0d0757b3b1b15e1b11929d
SHA159df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea
-
Filesize
75KB
MD5cf989be758e8dab43e0a5bc0798c71e0
SHA197537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7
-
Filesize
28KB
MD5c49153fbd613699caf2c52172413d6fe
SHA18f8da53edfe84cd7f041d30dced27967b4bc59d6
SHA25662ccac6f2792c778235689beccbcb032f8b1d1bcf9d0653e76d67c347ff13b68
SHA512cc447ef118778ecc81f678643466813813aa93cbd3230e2a0851828f7c2bc1bed6307bb3460be19ca376cf63b4ae85ace7a64938f3d4971dc01edd9f496b6dc8
-
Filesize
16KB
MD5361e67c346b9421ab3d0454ef507aaed
SHA10fba1919e937eed391166246c0d03b465fd1b556
SHA256953a909b5434940b74d6cec7ef0372521ca2e1a9587f4ac07852205044639326
SHA5124b387c72e07c3b6d9bcec328a3cd0ab431a630a2209c9c45b00f8642e2fbfd7194299fb1cd4aa8b4b0e9cf57ca26074b840dab602f59395b9647456929662cb6
-
Filesize
33KB
MD558749eab5f4db063c47640b36e2f8ad5
SHA180a02a80d0d457b44ff65f557e0fc7bec4c8a0e9
SHA25659c0f43512346b478001ff87e5a78f6bfddcc33ec9f24517b235ff3a1c9739d6
SHA51262c7c03c7df61e1f8867a2049b89e8486d6d7abe415079a1dedac38328efd8a869643f1b66cf1f867c9ed459b40f6dfed1cd338599a51e82d8ee1591a078678d
-
Filesize
85KB
MD5895f2db556038719ed87450ad201052d
SHA1fcb24c00a264815de96eb710fd5f49fb4f2ae533
SHA2567753d7ae9dd8b1267e0d34909cfd16627d01f99cb3ff00dceb33a5b83d9ca446
SHA512b3f00753e5317f8edf85a4344e4b6d553791f325c7ecd9e8270cc3eb1ded69e9854f2c398c82f57b5cdafbe7529907bef58fbff1d0429e58712f9fb1afea0597
-
Filesize
50KB
MD5c049055501c419b4ed6a1e3c2d6f5d52
SHA151eebf39bb619aafd25539010fc28c13fdb03b30
SHA25670bf4d113dcd67997f8ecd98be41166f86fc921516d2c0ffba57b43a9a1618b1
SHA51205d6c2ffd1e31174288e0ab1183eadab0442727aa0d2dbc915925193be154237a0894de690c033886ee97d84e8a8c60ef5721b29c8eb1ee94b50da3045236431
-
Filesize
139KB
MD59441332e3873c9953e8c8eb6e49b8e9d
SHA111dfe8d14bdfdb33812059d863c5fcd8ed9139f3
SHA256c64908c6d733fd775ef5449d76c90c5e9d67e29a63cae6cb5778a97e1c4bf3ac
SHA512f0031d68d9a21ccc635c428561b399207807b8d500489cf482cb932b1b4db93d3e93c632db87dfabaed02adf425a93bc27d7ba90845820b46fdb9d9fb9d299dc
-
Filesize
64KB
MD5af2854ba8c3c90a6559ec9240f07014a
SHA135855956cce13396918a41f3ff85e27864cbb8bc
SHA2560ad9bca7284f78b93368df4f82f9cf7bfba333f49f2ee4f1d1098c6f4d8eb043
SHA5128d54a9eb379fb4b4f44f8d71c7498d0ab788578f6b49d8dd0f797efe171877bdc54f1ab2faed6ce931629b673b332667416586c6707ca019da57b3f6576ed3ca
-
Filesize
19KB
MD5ba1bc252528a94df68abc4158c30a342
SHA1fdafa2adda170ab9a2473aa741f5ed31a6f256f8
SHA256fd8f7fd869509c751b5e841163cd4ff6dcd42d3fc5d884731f33d30ac647a1e4
SHA5129c0c9b8322343f22f21a42426713c6a8f9a3f63f9bd9362eeca1d30fc4a4d911f828c480ab9b08f45d3c72565209356b1d916c2d8ca9ba6784651b37ccd32583
-
Filesize
20KB
MD53974fa105d64eb833d8b38c8dfd82332
SHA1c021bd6b4063a558d39468e342e5d6df852bb75c
SHA256b1c910c247f8ac50116fd28cdbf5fc3ca100b22f88994382bbd1c647eee185df
SHA512899f3b9bb215ba26ecb99cd07241e8febbeabe4fbcfb5a25d57cca60d306ba99c0075e3ff741d0670f2d2baa4ff62eb0be31153ec69350277b862afe0459f53a
-
Filesize
45KB
MD530a274cd01b6eeb0b082c918b0697f1e
SHA1393311bde26b99a4ad935fa55bad1dce7994388b
SHA25688df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
SHA512c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777
-
Filesize
19KB
MD5ac1e41e7105986d26bd22c7a3dea83e1
SHA1c3ccf2bcca458f49a6d49033ec89c34ebcc03679
SHA256ebb4e4f1a7912cc620a2c1c8151c27cfc7f43870d3a6eb82078147d79a9bede3
SHA512a6cc080ac0b9e719662b975d4d644563c655fc896bfa85cc94456f2d3117d3eab54423a5f06d6b5e180a9ff792e879860afb7ab5f2e7f682407acccb6c21609f
-
Filesize
33KB
MD5cb68569c733a7572136e0c21ae59baa3
SHA1e6a80afb49bb7d0673259747b3f3829badcaa18c
SHA256dfc55541b0c31631571ccf8a16b71dd84d6743b01956a93718a46349a95e0f80
SHA512bda24e319bbed03c1c40580731966b75facaae194ee2c789323c78a55234d8c501c112cbc8431b65527829cc8f49b19cb0932b655becc856645248eab5ec15a7
-
Filesize
19KB
MD58c913c16fe5bf240c09c7480025e61e2
SHA1578c55e11d122f4c27bf4ecaa31130c919e2c64b
SHA256e00ebd03759eca93392ed5bcfe8863ad5048b4de9146687a4f8bbb87bcc52ecb
SHA5128f49995b0f566bc6ac567757d04983c81fcae459ada02faf6cfd47385d880cab8d3505c0a91831672590147ac6a10bef4aff10a35fb359f945e785e9fc4b0e92
-
Filesize
87KB
MD5e0eff30579598f76147c9ea12f490d21
SHA1f0bf2ef576db440b275bdae3d6abac35e59a33b2
SHA256e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b
SHA512b7d9d5621303aab81b75a8534e9ced3fe0d0ecb100e045fed234219459ae94b530abd9d4c971a1ae842ceeec9ba7a821c5e6775c45142b47dc4b0196901e734d
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
510KB
MD5f5391600d8dc690878e7903f753095cb
SHA142eff414e5de7f185ccb8da2d8eaf2f60beafcaa
SHA256eeb564d8056d2debc312d0a102652acc177ef188db8c1ec847d1e4884279bb48
SHA5129180ca99266dfd79b41cfc333113dd8c6cf4d75e209c784037ec54ec8beb66a3f8cb39e38e9d7d8907108ea1162a643ef8c2f829cf0244939278138c1939a0cd
-
Filesize
41KB
MD5347bc9a9337f7252b8451b1dbf740384
SHA141135e6fe970d70dc7f3c0bc9db742f4f9378b90
SHA25637675c59044ddf34566ee8a9f734e57c9bfdf280e973a99708be2fb66f185f0c
SHA512efac90558e9efec48a0f6a1c27e5eb352dbad497e57c75c85b0d1c605c96e493988d625547bbd9e25fe3e18a7cbeffdc6a405c6f5801bd9140af235175f8047a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD550b03dd8510565c05be078db75980c73
SHA174f9c7528ff0a730781a3b688bd57dc1499ae44d
SHA2567cfb91a52bdb8669f9522717de4526a48056add001fd04d886936497f3bd4493
SHA512e10bb03218f5b82e1229058f0312b26538d62585b5c541435f3b0e178d60237a0e46559236bc4a7ceb6dff14bf2bac4c6467fee22f4f4e6907f557200bf7a3ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD54f302dd902f58ac737834904be3a90ad
SHA1cfc337adabe0df75c7e1a88d7e0afaf13d1e3a53
SHA2565a213680388e6b167172e9d3606ed9a2aedb6043d662994b4fe58179c7acaa4e
SHA51296580132d600877e20f7618531863cc9f47366692766436faa74ff8e276793a8b2e7111c21289bee42a48a472692d028f6d2fb0e8870a38bcb8fabc2eeb107fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5f2952eccc051eee006c2635004e91904
SHA13660f94c1f15f66b7a7dd4f942076dfa06b99e00
SHA2562a361f1c9717ff7bb3a881423b817fe896c2762372ae05a86ca037187860221d
SHA512376306b9e82449eec12f333b1fa97bb154745277d5e56326317a0876e076f5b98915566471dd68f0185ba93d523790411b7168316515904be3d6d397aa81e614
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD530c222825aecd6b39a5e992e34b502e4
SHA1efca164a8e5e12c6314319cf798aa8f6031a547c
SHA256fac8203348f5bc52d5a4e762b9ff36533f82b1b309569013cc4e050133c1f22e
SHA5123fab0f369042a0e647251cdbaca884ec05c2c9c304f63b9207fb6437a786371205b10e4dac7d030f973b8d00b7cbfa475686ffbed3c7aa6e00057a30f3b6f311
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD52529a0df0ed5c02b4248887695c6ab51
SHA1d0ab91420a32d88e0980ca02e18efbf5b01a6d72
SHA2560bc0c607069365fa3d4bfe0d9b9716caea5aa59e11d1ed0e75307c61876a94c5
SHA512648c0b2034483c1fee595c108139582e1c5891009bfa532a85d045f8a131ac83a006bc3c3b9a08e37bd4912c390248d10739f904fb712f725cc4ed9e210073a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD5d97f9542448232cfbee2663e88adfc97
SHA1cb95206a48c891e30e5d1c085c59dcaf77ed20c6
SHA2561ce9289b8c6bc24bb0971a59f05154080e66d17fe152d7a8d22b66ca82afaf0b
SHA512d2c0ce79c4670e7b464b51b4e5c8f60020870e24abb1e4871bf9fdee3f31da32bf40b4c43b046921ffa6541d1b2663237ee74c45a00844330c022e2e17b8896c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5457a61aa3d41c3829588eff41b8f8596
SHA12c084bb70cba031562ac9cdf07bf176de150d482
SHA256b860e108fb2773da72d0e2e732101c9103646a4e5f6b118a3d4761a29e11f777
SHA5125ebb81f3eff56e5a7ad1452f509e6c486d04b5d5bebc04b8bd36a526150e5b94f03b13f468229176a3cf01407eed5c916f05e11d6e00be94f69fe38d5f64d660
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5278af4e314590617a801c7d488a5c10c
SHA1d19135fe0064717df5b52ca31893b68640c6a274
SHA2566f423a6b3521068d88c6eefba9b121a73460779e6cf1f8a5e2cb0fdc8b1a0830
SHA512a6ee378efb0af4d4a61fa12161c22f6c6260099dec73b3a4e0b7e2d632da1a59c7b29135b0d30fe96915d3c2a3e9501a9a0c318716c32ad30a952f91c1d3a97e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5889690680026896f54791d4aac12e729
SHA1bbfaa3b5b6c4caa16ac23270628f07ea91c91a30
SHA2565adfa478b0d40a5cf6d8d3ba93aa03e0c7a6edf861582656c732637d384aa21b
SHA5129fe6fc522d677c6bd44c2566e87235237ec1a14e6735595790e660a0c037ac5410fdef9aee2acc5fa822a2ae8640adc53f011efd4c13f4762f6a04d2558304d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5a7f4698ccd2bb2729db26eafe0ce766c
SHA1eb01c02e7277f8e643c159bd7b5f56890cfc785f
SHA25682c48cf6b87763783f64f46528be1f021b477d92800be9e5f1086a93cc4547b2
SHA51234136d427c2c15848500cb470cd905d9816ead49e8da598dc22b2ed6942ad8d1315ee5afbc7f99744bc87d19150b3c654dc2d359d05078f21a3c3fe1c8535532
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD558c497220dc7e186655a99763676f26f
SHA195821b9b3595048f2ee6519eeb8267e9c39ec959
SHA2564ca8a5d4133e870454a930a4c39ceb97199fc363791c9d28fc30361df7084778
SHA512731d178184191cf76df59187f5baaf723d89220d7e605bb58c3addb6ad1de11d6cad58595a17b6e8e9c7fa38098cfe7f99f8f50bdcd796f827636df0c6851db0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD59689295a0c2c930470db64c7fb1c5cc7
SHA1b15400a161d7eaf847742be30090ab748f775513
SHA2561dd08f22e1713a090368b0b16bf36f25b7b97710956b9096ac00344caccfae7b
SHA512845acc03384f10d78961f72696929cabe315c2360ad8ef994c588b25e9681ae4fbd45eca40e8c3382c04fc253d813c413fdc2cbdf0d1fdaac59bd2baec3a1bed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5b1b6a783963c7d8c17cb0c4f7de1a0a8
SHA1ce0cd7630ef9358aaf71861f2f7260ea9c240b23
SHA256607c0ed569316094b123af35f4209cb29a79c23294713cbc317d575bf025a28c
SHA512919c6d6f1cb41aa039fbd547fb08a8dca448775c7bc0e3eef7929241b724ea6b1eba7d8ad6432b25a905000bdd9c89bb635054af696d2a2c1248750184691e94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5b9ae36735006ce88cbfd2a92690220ba
SHA1f50ec7b7f272520236ff92751241a0bf761a4c5d
SHA2566abe773b4266ceb4e2f0701e43a363a6a58a78b8abaa21059b94eaa6ebd8444e
SHA512996f34394bb8bfdfeff7c6764898b1e5b1916c14e5229b115b1ae359fbe667d6fc2b7b5e1d87a1845b941883ab195de6f38704dbc3b059c2d14706aec38e4ee7
-
Filesize
12KB
MD5594179f58e8a2afedd47ff6183e36d9a
SHA1870497aee9dd685b0496118a5f52fb77178e0e15
SHA2564d3a93483c35495c6773d14b1607bf46c3cdaa0cbba2e70dc797cc7e985552e2
SHA5122982128f361f918bfdc899add09feeeca78409ee03b0355cff88f88a3c801106b4cc8194422cf1d9ac0f1760e215b29a273dc3619d0b055c70c929936f20bf14
-
Filesize
3KB
MD5ba24f3a74eabc49f13b0157e853302ef
SHA1051c7065bdf62e99eb9185bf7424ca2232693b1a
SHA2566ff489da28d01acc4e04e75d001bb30c68f2f9d720efce16989122ec490258ac
SHA51268fabc9b615f1c988b7f7c1847a4004c5dd667c8d5a739df3080fe860c3c16936c278fc9eea9da6f6b024b2844e8b5a451022704042634e053e2356fef32055d
-
Filesize
10KB
MD5cfcf5314085c910af4c3ffa57d0b4015
SHA16a13275c17d12bb9ad82264f676d9fbf0c7c8964
SHA2560bbc5bacbb7e67cc7c9ef4a90b0eb99de3f39d411be05792b8e634f4e42148ea
SHA5120d77621f87a65d8c0a50a2a8edf9ff9d5c9922b2ab65088df031e443b59707b428ede3b419feb6f43cc893a9f452d5c87d4a53b6fe7721facd480cd53025a3a2
-
Filesize
10KB
MD5e980f449ac4ebaf45826b6fb6ce92ef7
SHA1d6717e478b2f949f0b8ffc8bcfd7eb57ff6ab83c
SHA2561b7454ee093c7dc079b08fdf914e5626d567ded3392be6c004948fcc2f538c73
SHA512323f62ab420a47437fcacd8132f6154b48e26a8cbc028457e61717ea92437822045b42a3c9aa60d8e0d7b25f4518aec19cdf7ddd155d7b543bc540ae9f74cf3b
-
Filesize
5KB
MD51729fc6a7e7e74d797285c0af04af6fc
SHA1e016ea43912e11d7ffcd7edc90215c2b4b80b7c6
SHA256193d02f3875b715994ec7b11ff5608ce1cd91bfdc9fd84e60ab42634a6ffcfcc
SHA5123b36f0ed5448c4e8a9d493c0602fd7686fe6b7cd7e3aede97adbaf29a4cb52a0d80cd87bdfe19372bc22bcaf55bcbf4999f4d0726986945d720abd6539ea8861
-
Filesize
6KB
MD55433ff1e67b8ca89594fca06bf8ab115
SHA1d2e7df7cce29ea9e4ed0aa3205a7ca363d68ea4c
SHA2569a8c0ed5fc68a58c7333e23bd3d9cee03255b77c7d95ff2f1c01979ae528c87b
SHA512f8dbfcde9cdb352704254153f2de7a337c37c33243a874317220f69a5342d578ec4e41c6daadc224b89f69937021f10b56dbcd3d1c57991afc69b346dc325102
-
Filesize
11KB
MD5fb04e784ae15dca9e74410d48751ac82
SHA1ccfdf4ca939865a4d11384f244b9bc10e42baaa0
SHA25685b2c0a56a8242d8c65d0178eeac3850e95ba3131a4faea953cf555eec78e717
SHA51276538fe05107811babf3672a31de6ec91474ebb84e0c903cae434146317ab6b792616b4efc7d9a1f3818c1a525767f2b291aae5a9b38f025ebd3f95901e3a8fd
-
Filesize
17KB
MD5c4c7af70a60af722255eed2bd5c50805
SHA1dd6fca17bfbf158117b35cbc053578c7786d9f58
SHA25664ea0a3609fc8f03d51c21b69ed3f86dec665d268e9b4a4c4b4f28f391d98184
SHA51279035bcd6f6bb9cbeaf1d425e65b0fd8ff822c0dba1f596dcf8992b643e14ded8ac90af7b117fdd3c0cbe5ceada7b7f621bbef7545911b9f4c9bd3e992aa5054
-
Filesize
17KB
MD50bb40b1f0c55960215a182bffdbe7cb3
SHA117f2f520f0d681680d51a11d05905ac89f5f7376
SHA2560ead33c8f7ff6a73fa8fc8551a767b130128b07a10d29a75199c512931e1cffa
SHA512aebcedff88a3b2a11b64414fbdb8fb2accb7b668e3d130cc64cde94708b0aa39fbb7e3c79a478ef099a70c8db54b1ea9f5837b1fdf15479420200103aa07b7f6
-
Filesize
5KB
MD5c4f8df944f7583058f8a93e55fda0eb1
SHA1f6e87123fa0fc107551d0a0b84f0e60178de22b0
SHA256a24351bdac3a1e14af35139644e3f0c94db01b8181edf9f6bd88937bddb4a96c
SHA5125c4197e95870e3ec5b58dd89a14d467399e81a5e65b097a8a641a75b35ed196fe2ad46dacb8321d6e6ec8b011bb47d29f35c7e41cae87851ff97e7a5a05d4c50
-
Filesize
9KB
MD552a03243845078922cc7c569ca90947f
SHA13ea3a42286c90fa643aad9e5ff14b046c6e69430
SHA256d0a2b7a9b12b929d80fec924e0df27710b8062de7c32d28fb1a1fe8a27b7093f
SHA51203c4527e83ffb8a6cb3f067ff924d5555aff110555c7060cebaeaa9342f1ca014c212a09f0fa7e67c21182b1ef6febaea13a1906a2ca766855a22b1be323cba6
-
Filesize
10KB
MD5715d1045689c92d2e539c351a1d9545f
SHA1498d883a615d81ba0e962dd64d055bd640c26c59
SHA256e48e09dab5ca611854758302acaab00a4271ba43e12a50e51149c5611cbfea91
SHA512547466d8ecfdd2f9aada0021b169f2e8f99dd7c2cba784f03f399557d3960e2d26447c58f78d4caeee8b139fd20dc056408ced409045cfdbd182573943832560
-
Filesize
15KB
MD52fbb709093abd0a3e02f28969a517c85
SHA1551f5b1499b82a23d9af540588e0c1050b4da349
SHA2567c38bee5e976989d52002fb354c25b804d7ec177b833cedd4c2b26516dbc7df7
SHA512cb8a73aca403b58ea7881c085b9067658b9b8fa2d23029801e44b97922d86a879046aa1e2625ce17301eb7d23926e311a18e3f7467ba900c38299a313781108d
-
Filesize
17KB
MD50c8565afdd16c31bdb85c20316f670d0
SHA14eb9d617adec000d09e009a49f69e2c93dc4a0f5
SHA256c4d014768570867e60784a0b92de0e675f9267114ba9d5c7badcf676faa36956
SHA5129171621a3b711c7d1f5c55c9980edf32b8ace89c2ca9cd0341416683af0e03f3f8588fd7b5d0f8c9cb08b70e03dcc6232d57590d3b392240256b8ac29c740c49
-
Filesize
6KB
MD5d81d27751d50f9045773ca6129ee5a89
SHA13d8a57c7f881a1beb61314ba5abaa7f19aaebeed
SHA2567305d5517677e6d2ffe5db8c1e442c19631a40e118835b688934b3d33a711305
SHA512749a163b69e4f1d06601fabfd5d2881192fc69e85d899e4b396c275c968a9bcf603c66c0f398969a76e344b31ee6b7d2dacead30bbf036dbbe1c4a96192eb0ab
-
Filesize
9KB
MD5d0c99ebf057347bf8df23ef1df235fd3
SHA17ffe4ff2b4e3f699f74af0a0d8daf885bc27a9e5
SHA256cf668b1f2207ad4f39ac49882ac16163e9a02ba7d212aa19005d86eafa21e5d9
SHA512669a7f0f6bc2e03e7bad61776fc2eabb6a56c515d62aec93dedb08207be15c222f763d84a5ea049a6a1a748827ac7923c0894988494621d126515abc729c260c
-
Filesize
9KB
MD537f372bee6740d2f4a05c87e3073dea5
SHA12c7b7f48c391cb8164a492a01fdcbbb64d58bbea
SHA256c75ff9e2d1dcaff503e335a46c134c28ddbcb11045ed276d4e32193c352ddf94
SHA512aca7af845a5f2a1f1bbc9f86fbf7ec6fc6fd2db4d1c0cbec07cc315bcf1ae922838c210168aee5faa90dfcfd67eb570443c5319da8085d623b73c3c61ad8b416
-
Filesize
11KB
MD53d203fa5dfce4605cbd29e53e5664bbe
SHA146cda314591df05e6c37356fcbc73cf9afbb884a
SHA256e6a2ca3672bc00aba59183b4bd08b7ae0433bfa225fd7da4fc9ab93480431990
SHA5127bb27a9f1e723bc3599a88f6cfb7a87e211214fbedf1ccf2c813bd1f3d45f8323436146855ff3dca713a51c6a52e1b8f56658e67223b8b3b5f5f33defcc271e3
-
Filesize
6KB
MD5b337cdc98ad8389c0cb3eebdcd7333f2
SHA172d0ba129e5aeaec53dbd3965ad328484d03e247
SHA2567c0be7fea4efd01929558c61c293bd353132aca0fa5d3d09cb93b01fdf45455b
SHA5129809bc70f912efc0bf50a457148aec5a51e7514e6abeabdda5b022816bd2aa36ae8f1ef31325df3f5a1e735e9b55613e0dfc7567d8bdde9870e16106c5ed1634
-
Filesize
9KB
MD5bf65b3775e01b4c4d452c5a7cf477749
SHA18e25897bbaadbdb87c6d68be164b940711d6cefb
SHA2561183ffaa8a85ccbc03b76bdd8a153c15db30597803fecb83112595130475a330
SHA512af35bbb554f35f95171318e8dfbd57b1bd4e2510b2b37abd40e16af6a4115a97cda74fdc2de61b6c3a04f800585ece20930aa9d67819e57b8a1259a9199744e2
-
Filesize
14KB
MD50dab2f3589fa37029a84a58e73baaf0d
SHA1e849e1b7385484dae32fd1d6d4daaed5433e9b86
SHA2560d8d83ec28e88f4767325da51f553714987b842b6808620dba24c09b3920c95e
SHA512fc58793c44eb4ef43407cf8b5ce507745d83674e6f1b6e453bc3fc7f72b3bdd7dfa08b048b34fa6ed7cdfdfcc0d35a744c8e21829085567e4e49346cc7fa8e86
-
Filesize
8KB
MD533994056c62bf2c3d4e8113a1fe32721
SHA1bb6b09cadfbacbba35af44c6b2693eeb5a747764
SHA2564014d8f090c7b67eb4de6dc7c9d67b940a9eaa72ef46cc0f95e88a6ae96f2378
SHA512c96ea8392c95f13c4d9ba0651397fb89082b757143484a5d3cb9e1172fc43071f08ddc7f6ec212fb0aa96a491bc0be355e401fe97fcaf0dd33cedae80bd86914
-
Filesize
14KB
MD5534d916c38a5b2606e1422a5bfd5816a
SHA10c03947becca6fdd20d0cd37a5940bab67440175
SHA2562eaa39d836a9468a9e606553cc5b92a0d72fddc1771a9c979743ac24b598d165
SHA512186df630955687738aac5435669bc467a45b52f7fc319db911109978148c8f8e53a0ffc35d3fd6827b3d2d0fb429921939e07b2647fd48cb33fc0ecdf05cdb5e
-
Filesize
15KB
MD5d9b0aa412a2efd105d5ebbffeb0e8f87
SHA1a44954a6b5e7c9e1f7a4158e32214c5603a62619
SHA2561d94dcfaf3f330f4dc63c8d6bcee2d988d29b3c7e4531244b89bed123bf1605c
SHA5126a88982badfad810a45897c7f2b47e53bfbef5e47c5f54b82ca82d66b63943e5a4b2555808163773f44e095e14ad352f73219aaf068077d4eac10c3610d642b5
-
Filesize
15KB
MD549ef3455c9dc429b46fff649dc9e2c4f
SHA192be24324154ff8e7ce9e83d291583451fca7723
SHA256c25c1f7a8e3e277a98b4d837c80e7b7ccdd04134ad6199421c1610792996287d
SHA512c496c5f9e8562c2de09dd383f5612f78c62e67a0fca461c3df0668d4a0643568d598a73630cf19f80ff1886224d488ef9c1a8f1bfd6370c352aa655e563db678
-
Filesize
16KB
MD59fa5f9b30d53f4aab74d0ba48465c766
SHA1e5fc939d0aa16b15337e9e97ef1e5996979370fb
SHA256b7b37d715018b6de11ce53799739496d2207f4679137f55fe5ff719a78bdd210
SHA512313c994393440a637cd574afedbd7cad626842aa6dea95c259f981b8930f5d540724d2aa15642e58ce75043aef5e7d6307921aef018e34b8b53d11de3f542be9
-
Filesize
17KB
MD5d1ab0909f95a4bbac89b47531678a8c1
SHA1edf6d7af233f8f1f34cf90d6777f08c8642d1605
SHA256f57a79ce3593bc2f3193de9fdd0d01f50ea42425d0737d045ae382460e4c67e9
SHA51217913ba64b1ce28fe2b63fb5191a3a588800b90f55e4556419f33d05f50fb5272b874ecb75495ea4aaa10a4ff7b4eefd5742f12e53d7d72d9921b4041a730bac
-
Filesize
9KB
MD5c984ba46023278c5c0575511b9723a8e
SHA1d73deb5cbd0bbbe0265fb99dc047ad2a79d51d3e
SHA256597888a09be86af1e07d4e71c8b9a3ed2501fcbb92928f76b80e3843298d5a84
SHA512e66edcabc60ae695a716f487f7528d179b2967732c63e1dbe79593261eda1ff2aec5cd33d231cca5e71a660fbc4364bd7fcda43f38512dd31e059eec0e55823f
-
Filesize
4KB
MD546d83e8197d3b4ac9118bd2b76d2099a
SHA1e70610832ad6ddd032854f73e86bca1622bc0ba8
SHA25693405e8b8120a3b5f34dc41046ebce806b8fdc6890fbeb61c0584708c9c54c0a
SHA512aaae18c3bb9a8eca73c7ba06da8766119f55937f5d600f94ce60dde993ef9939a9718204f961befa4da3bc355373031e5235134b41ede1718eb99ec4641d9fc8
-
Filesize
873B
MD5fe11502b4457ce20a1b92532e216d0f4
SHA115e3e2341de5cd697b5af78163377f47f27fd572
SHA2564a50afe52ea1ac91fa89c8605d6b23d930dd477e76c3bad87c305f4991228524
SHA512850e0ff5f9ff750e2e61372dd5eaf430763bddcc84cd08ff9a253dbadd7f918b82121becc6f9133ac46fc17bde1a326ec1e3915ed6a205ee739dbad302e0499f
-
Filesize
4KB
MD548f976384c64976492891439e168f0f4
SHA18a22c4e97f51510e1c77cf6a1af367f01389780a
SHA2565570c31b6158f79fbbfd9b94dd4191ce9d62159f868ca44e14d3aeca0084bf86
SHA5129e158080bcb0cc8ac26eaf2387b95bf9e7f9497535b4deea8f45c40624da472f7df822ae97653a28094628febc837a6b7c6f7788efcc243c02d8a2c15fd212c8
-
Filesize
871B
MD56d00dda4d3020b794f2b8a5da38355fd
SHA17461ac4d51cd603faa95029acb5c210be2cbb01e
SHA25605b0dae93ebfbd9c22550fcac7346de75ee3fbc25f00f8745806fee240443253
SHA5125c1818c1da7a9818c22086e2b3dfb9ef3345d83b5615c9a9421cd1e32b9ec1b87c0f9020a203f48dad4e11e6730caf9a54afade845f7da292839b7f7636bdc95
-
Filesize
1KB
MD53cc0d76ff87413b17d5d3ba0f8d062ae
SHA19790663b984919d572b4c10eb730eaba28cfd41a
SHA256e020f0d27d361e7a9b8dc7df87594e7518657f4d060007151d6a4896f02fd2ca
SHA512b3b477ec5a7e1a72803d3b2c6bbd647409182a2bd5fb3cec6ec293df5907ae96f1f8844f05879d20e10ecfcdcdc3b921c9699e6bcbaf3604d75fe19c7c4c4c9b
-
Filesize
3KB
MD5fd59c8cd2445fc7a205fded082254a8e
SHA10101d6b89fc2bae096f7cbbf95d615128e512ef2
SHA2569108e351de38c0e0cff57628601ca4ea9316b624a79480870bde6d132c4018dc
SHA51239a8c58a8ea2ec0c7c232deb8f2e3d9b95fdd58914d84ec2fa5d348e8c5b01daa5affef649de10e4fd8ce6e77c8691bd847fec3f40874ffcb64fa80d9915cfb8
-
Filesize
4KB
MD56eab101e30ade7ef8f160d7a921ab6b7
SHA143c0098509d17b24d8c1513f0650f37cdf458d84
SHA25623924e3703043cf9a7df6ec9671270bf1bd220598b1ad6c369ef7d754ab3e9c3
SHA51262405cb47c608b72da1d81c5e26dd541617c5874c7596a93f7b7d0dd13ab34f6e732f8e223278ab4bef428c1651b7ec130259840221e952d07b6560c6bfcd6d1
-
Filesize
4KB
MD589de024f838464da98e6a47058ff9881
SHA1ced6fe102397249be916b4bd29282eb224c8bc9c
SHA25639948f97627b367456f942c24a3e9f88143f298d8ebea39374b2a47c7426b425
SHA512ff1f849e496d3ce0cfb1beaa18fee2976669ddb19cda023a16b5cb12b53db05947b4e8f7a4b10b04deee6477bbb8da3ff056327d6ac7d7f35f62e782715ec612
-
Filesize
1KB
MD53a30c140037736d09a720843c6bda5b0
SHA10d435fcec66a6f1b18df3a873f7726d13b8b9a49
SHA256fe5a05f3978cfc973f74ccbeed0188d8d7f25c70ef9ac67a923d997b2cd49efa
SHA512fb16a903d128de92be6f75ce06b7064c04983f2c77698e215ad04f4d5765e476d3c139d99ead6cfa25ffa3fdc23fb94a0009d4a79b2dffcf77af25e9f20fa31d
-
Filesize
1KB
MD55375dcde49674dd206fca29cb7ff947d
SHA1fa287e295e97cd2ffbc41e0308e68e3747eadac0
SHA256ba1d366fb3f01bbd584a98ceb11333e2da3e988d5dc26b7b1ce39f4d11d81ceb
SHA512482921cf9198fc9c6d3dd3b9c7994720e95de89b16f3472945411f53dbf42e440bcd29fdf2f1b34f07b934fa29a0145598d39ca2216949fec5cdd37c75e70568
-
Filesize
4KB
MD50d42e6cbc17b8558bedd1e4170dedd44
SHA11b7b3fa185945c7161dfc1f1488a1a0893b6fdb8
SHA2561fe03adebe0560c82ba183ce2f174a3347f9f07c7cc6d270c4f6e3f6803e546e
SHA512ea2e9d6e8c08e64d19c5384b16af1069f2e21e53c2c84601224694007413277f3fe0c484a3fe52b375ccfc2a8081b04b564d02ebfc17b30d47c28273d61395af
-
Filesize
4KB
MD54c29d7765cb9114a5e17db00975b0d32
SHA1b25bb41ccdee13d09e1ff3e2fba0572aec113a01
SHA256b24505049e1bca0adae40325ee99618c7c8d269dff6337cff29b04850b98894a
SHA5126b12c76085ba584846c73d993d439b6b4565e2dca3e5b2c639349be9eabbc43fbd834e85fb2649f46768ac7e97a09e6f8b3a18ca477a84d832a591c6b995d7bb
-
Filesize
3KB
MD50634077986e99317311df1b5d412a031
SHA128ec4b2fb04391b1cc24ed8152de93c944561a02
SHA256d7494fb9c32e3fbbfc3ff45393992faf724121f567053ff4df7a64cbdb02a6f9
SHA512b6a0ea074ddfd133e215a53767a01309ee478e2d96ae414a97bc3e90601b37a257907d5513f5ce394b0fffa98bf0f4c85ba9bcebceeda2dc9f93af5a78c1fef4
-
Filesize
4KB
MD5ab7cce31307c1df0ced7659654858220
SHA1b3d153d3fbe3433c4a619006b3028bb875e18edc
SHA2562dfaf94832e2d3817085af2f2377f5f45c7c46f5b67a9bd4878fd2f003c2ccfd
SHA512c59d668db18b1afcf7481e95dc6347563c760dec19d2f08f714a8042554cce4af0db792d6d1f78cb7f17421aae90dfde36576c329ad772e35753fbfc2caee335
-
Filesize
4KB
MD51d4be312ecfb3352cf7d88d92f2bf288
SHA14a21fe1d45e468e5abbd0905cfda06cf4f6e5f4f
SHA25690416518cb291bb81cbc348c0c985d8912d1aacbfaed21ae4fa511824ebdf9e4
SHA5127ce372a6661d26072af3bc07b1d0adfa6367ff4a048b02939453a961383779293e5091b7912069b58d00a9ffd3250828b769d388df5a59b637a3bb71e8bfb14f
-
Filesize
1KB
MD5a9d1515e7cbd6853fc28fa63722dbdd2
SHA199a7701d5bbe5ffdabb710005b490c5e50f5e71d
SHA256066a55fd579f53fd6ef79c148022c67edbde9222de7c84f93ab6fd4b8f19c487
SHA512c8fd4e7d7f7ab3ecfe55913650494085a10150daffcb6cfd6e29ac629aa33a01978af9afed9725b8f8d060bcfd1cf358d40da880c1603a1629c7183ae4667618
-
Filesize
1KB
MD520a661f7247b53c2cdccfe9686be8cc8
SHA1884d94697360bd43069756f186475423572120e4
SHA2564b9340c3f70b41651f9746c61f82159629c3d1d10c741c5061022ef0d31de6da
SHA512c74488671a5e8f358c4f41c2db53b79060caabb351dc04678002e1eaad74b417e3154560dff42cc3f188f7f3bc6a5e4cdfbc8f4d362e2b471ad3ce4af5c93424
-
Filesize
4KB
MD5ad212c28c819f64702028ffa10fc4361
SHA170ec6d8d4e221d251d09d4533aeace0a61d7a9ff
SHA256cd030446625510f1e05725b118d70e93683f5e441d5da8c145409436f7d0c13b
SHA512f4b5e2d050635ad57a25f28b041ba9e58cdd87b6004e8b6386e6c7914eaedc87334ed0497a405f7f1eab54777e3956f451f04fa788eeca305f48733a643619ec
-
Filesize
4KB
MD5331efcbfa1b88b62d283cdb42b2bd99f
SHA17b3b622bf4c0c9b695073393c15a789d5fc4a6ff
SHA25687ccea1b65d4a690137baab4660629c2fb8777da0ff84f0a014673028ebdfcfe
SHA5126fdf3c4a5be08625dacf7bfa540072d464c115233cc8fcfbf889d49d625df34b3486c1ff9f8cc2954f9e32c911afb1126116a96dc6931ef57a4e57a20a07785a
-
Filesize
4KB
MD5ff7bdfa37bc23e223f9a5930fb4ec134
SHA1592cf3d31fdaecf411d1b7abb42693e7865a5cf6
SHA2569bee0d2174952f922219b8b4426f02824fd834878a7d2c5a52c682870f440ada
SHA512ca1841667f1156e9e89cc79e8a23221bb7c07a9539eeafeb19c82584dd48ff8c6fecd1359683693c84c8e59f495a8b394ee2cb2a942aa1176e4fd1873afcc2f2
-
Filesize
538B
MD59ff23d1fc0b4c739956a1ef6b98017e4
SHA1323f1b56fcd749aee3aa45cb5fce0f7c49ce403f
SHA256b5ed6a69ed4bc6080f541137d4eb325595aa683f2eaef9658cd2fd41ae28b1ad
SHA5126ff219813c782f13ab4f1efac3583a9fceb058420f92516a9dc60857e2d8ecb768119c1bdb0fb925359663d4c95808aafd72fac1a1463df25f4b97e90ab09fd5
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
12KB
MD515f7418e8d34a2f804c674ff13290c04
SHA1bcb0e303482f8d9da1805be002a93b47185e280b
SHA256458079472ca85584a1b9579f358fbd9b1aebe43a683b8f9ed461131d229ab031
SHA5123323e513e05a4c1cc35cc55e90a81cd6ef6a6c54ecc85cd04f297b84a9a4c7daa826a82f101f38c837d65155eccef78319b8d37ee40e95b45d1b0f0e7d51bd29
-
Filesize
12KB
MD57799b9fec720b7ed0d592c6303454951
SHA133c0290b1c720e2b032343f58d40063e9b2a96f9
SHA256bd36b32377182d91df00b5870532cac1f8ba544ff61ca820a927604ac7ecd4af
SHA512334c656ce149c18cd44ee7c3d86d242dffb0707f1a05d71da8c9893c819e7e2ff483ebed61ad3e24b82ba460a4e4affbfa3f34cf030ab5b777b4aae01f738e70
-
Filesize
11KB
MD5603d0c58eb960b61117c0821df1435c6
SHA136c3f76b8baf49d80b4451fb30631e5562088fd4
SHA256b97c40ae9a8480cf1d79fe9a7a89a45a7ba2529b8f91542740e1daa2351a6e39
SHA5122db6968eeadad00cff3e1a34cc2747c5377cee680220b77b53685a40837ee93328e86c5f36ba9698b2558f76db95e40f0b72e0d4079dfa65a2f9ab5e7f781c5c
-
Filesize
12KB
MD5be33efca1498ede0a9ea5e841bf3aa43
SHA185074f8d0b7c4df81bef9c1fb6ad71fb2273083b
SHA2561474a1af888dc2e49b9168c5e3abee84b57364f63786be17de2c028dc5bfd38c
SHA512f21f910baece595823f80470f2aadbc69daf66412350caace7d47333dfbc66a80028db8419a5673c80ba6a777f3ecdd54d818755f5dfae0ee3988423ea977896
-
Filesize
12KB
MD576f1b43e9037abe97d10ff4883501888
SHA1ecea820c1ad51cebc43f9773f30306245046c98b
SHA25610858064f4793520af0069d514a48ecf33d9663b4c70823613b14fdf67151135
SHA512090b76853bc7ad24bef1c81bededa8157e2659b8ee56081fb62ada071289e1962fedf2af349e1aa6d00716dd34715a8e4669762eb78a76f01836bc0eaac98399
-
Filesize
12KB
MD501910d3a1c35d458ab5240a3f382e49c
SHA19749b953cf8c4ff08249d3a3a4452a4e86674572
SHA25620fc6e1c7e822c737a4c181e97938475ca9b36527778d9da406c4e5aebb69721
SHA512e8226854df2fda440e60033d92e540d6d6f1ca4aec0cd7a0677e3c33fc5e9c9c91db61e9fb8f33db5e64cc77e22412c5e5eb0985977f82edddfffac4e21a69ff
-
Filesize
12KB
MD5bd05e25ece7fb9b60c30a50d950d198d
SHA10ef6a9b910cb860fdd3aade8da993d3e26ad1ca9
SHA25669d887bb29bad42b7ac8bcd3c601677c90ff3bbf123ce609eb01499832b2acd7
SHA512edce00a822e47484bb57c23119bf4816dcde4e077da2aae28829fa2670abc0bb90003e94d3751c9e0e1a89e7568765333add3f0b817f17d805098dc81e1fb274
-
Filesize
42B
MD5d89746888da2d9510b64a9f031eaecd5
SHA1d5fceb6532643d0d84ffe09c40c481ecdf59e15a
SHA256ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
SHA512d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405071243251\additional_file0.tmp
Filesize1.4MB
MD5e9a2209b61f4be34f25069a6e54affea
SHA16368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA51259e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
5.2MB
MD5c44227f38d59c590106f011b17eb90d3
SHA1b99b310fc2249a7879290ca5d2ad915ef588e76f
SHA256c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94
SHA5120edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be
-
Filesize
38KB
MD5a35cdc9cf1d17216c0ab8c5282488ead
SHA1ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA5120f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
23KB
MD5f4d89d9a2a3e2f164aea3e93864905c9
SHA14d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA25664b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2
-
Filesize
67KB
MD585428cf1f140e5023f4c9d179b704702
SHA11b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA2568d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
20KB
MD5345b6faa62a50ba996a4fc52a17031c7
SHA17ee131c8c4f836e9c88764197da34a5a9dbe7d97
SHA256e994184f10c979ec8d3e0ba11d3c95322b0f846fe45d0a56afc2afb35cf92d9a
SHA5125eadf9edf82b83c2c051c6072b7d31a711bac17513dfb452c25f98cfec00fc54fef0e54c29e60d5de8813284bde440b4f7843c5cb07d2bd9014b0610e98a9347
-
Filesize
44KB
MD501e912f4dcc1962e4caf95cf06824bd6
SHA1ca38906b61417a495ab4a99f87fefd1fcea27b68
SHA2567de65937b8b6dcebe11e373630b32979dd51dd642f5024c398e235fc603683da
SHA512156b3efc5656164c06e60a7657829216ce17c607a3ac82858c82ba8c886919b3e36d54df101b5387e5eca967672d30aa0bd081ba9ed322f407e7df45cfa6511b
-
Filesize
21KB
MD5261025b9c39810caebf7cdf301c62517
SHA159a757bdd007daffea95ffb2d2eef80b1e1f13e5
SHA25644480d48dfe139cb4125ac05df462fda4d6980d6558151c3a862578fbf790370
SHA51210db13d86f2a75f3857b35f0b9025714ae53f3be21cd7f93fbd22909e294f4fc81b2fde50f5b378251594aa6158d139432b98b5f90c06779fbdae4ce1be2d982
-
Filesize
18KB
MD5d3e82a3a0a0f6b3376aefbe411909ead
SHA17a819fb67e3f2847c667490d65723125850881c0
SHA2563383fc788e3e7c0bd856c225b1007bb334039cca9d1f6f193a1cb01e3b87629c
SHA512d933cc2bd25726cd99463e2b6c4fa4f84680f5051463231982fd1871d702a0d3e14a99593810260000861ae446ce3a623847f70953655e017cb03daedda0af7c
-
Filesize
13KB
MD5826b388ae77158fb430eef40d09e20a4
SHA18e121819c77c950cb13767a0eeb76cf19e48eccb
SHA2560a2387d1acb456406dd83fba1f69cb48532f96a7aedf2e9e128229c66dbaa075
SHA5125c44c30861b8f2045d0ad3bef298f84a9404ce6b3fbaef8139cf603bff9cdc878b0f87d6184d52bcef7ce7d162148fd77d213c1f8fabefa49d5eed0d88222027
-
Filesize
162B
MD5bf28ef9468e4e1cbc5f3e055adfa69e5
SHA1d5cff2ec3851f3fff649d688919f9f4f8511420e
SHA2560e86dc475bac19122a3134a18cf8af26b83831df3346bcf5093739ca2891b4b3
SHA5127b37e27f56b8ef1aeec6f25bbe7336ad0bec837af4390e47932adc67c9ed873c6b7cb5d643b39d0b6f383d79c7ee0ab8aa39e70f894ce8f2b90a884d1325c3f5
-
Filesize
323B
MD5fb5db5e3968d7da7cbbce232e2c2f811
SHA1c0c795b1f11c11593a083cb727eb82c461d4d002
SHA256689f095add0c4bafc2f43d6325bc02f5ba43eed18c7ea5c64a4745dfd78fc53b
SHA512a1670d5cfe3b66080a7f03b24cc0441c7215adec93e865de65057b05e6e0092ff26b4ad3cae74d98b3f024a17699acbd8a1204907d80fe03fe7ed957e35ecf98
-
Filesize
22KB
MD578eb17c6725d1866498a5686dbc41a7e
SHA147d9449b3c174177bb7e6d21b3337e69c55d04fd
SHA2560842e42659565226dc147666632625825f5191eafad20bebe321000c57986a72
SHA512db445019904cadd46fd2e09c57395a3b7e532ef40952ebdba3b54d180bbf44a34189f8c4896a5f2ca982fbd3bf8a144e255a071adaf913209d78ce78948d6c98
-
Filesize
40B
MD5e0f071b1bc4a0dcabb835d3e5a960613
SHA1974ea3f8cfb435c9f63d2d0db1bf20b01664ee3f
SHA256bcdcad551fce5701ea9c8fe8ab258466f5743d2de62970ad8a4efbdf8ace5a45
SHA51285415e0c240288cf8449f9574d9cb0aa7dabe1997f93ddd8c3036e7bb5123d3044b3ab9f20d744c4bbd79f751c9ff1331e7a5249f3e0f48187a0e5f87a14a1e7
-
Filesize
12KB
MD5aa3ef996bce08a9c34fe513d078d1ee3
SHA121688d164d442d37fd5471e13b41b1d216f88d37
SHA25609d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039
SHA512285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd
-
Filesize
173KB
MD5dbb809c9ed271936f6842f22d0647bd0
SHA10276c592bacba0d2a3aacce241b3340c46a13f80
SHA256b40ed97fedcf048b92224e3c6cac62dd8286732e7a945cdddefc49d8cf5bd398
SHA5120e7edfcc08cb0969aac0e07461736a85e175ba8652c564924140f70d251dc0a7ab0da26a6d1411ce7070d45d6c7a95d0fa9f93165483cd6d3cd33d5d20d85f22
-
Filesize
86KB
MD5b02b0e984d604705c07442f802bdffa8
SHA1fb288f0b8c59cac7374654e39a8ef1f9a828b0fc
SHA256b26b5567cc10b8c77b861390758de1598b888175ea2cd8243b2f10617b827d89
SHA512fc55e5c2b9ce2a0015c79f13b9c10fd79233c8de0aeac358fd786affe28ef170a6e9b8124c2e41cef48d37d5eeb322664e07ff46595cd005d6c2b0087fe7fb1e
-
Filesize
960B
MD50246103813e86d1e0cfca2ff066f07e2
SHA17a469e65ead534eb03f523f72d169799b4e398ee
SHA256a34b51be1ec74b50c3dbc868e588d974ea1061a6d578ae5a87142eccc408cc59
SHA512c9e5a962b0edb67e327e050361b20f02fcbd29eb29d369a885d6397e90b67c932b2e9cefe4a84ea308bd2dde4f02e6418763a8b97bbe8d97ff6ee0ee0b676456
-
Filesize
1KB
MD58fc4b1034b22c957f84e299e077124e8
SHA1b9fe01e0f6a4cd6515fa83438062e38d350563ba
SHA256eb1761cbb000013a142dc53bbd044b781095ef6c77055143c032dd85305da7d1
SHA5123ee4e2baf856b61b429db8ebae976165c35c8d801211b02af08514618e50aa358366e007d2d4ce786101560a7871a472d9447e0254bb42365b359db676c5b236
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe62bfd0.TMP
Filesize48B
MD575d721c3681386d10e1aa42b7cf81445
SHA10e78ec14f4a8c994f32ee894cb7d4d90fd8de60a
SHA256386b69b6f18329dc2af2b1c346d125d8dd177709822ab55e199f66478a3efc54
SHA51263056e1af065b3031ca41cb746c8cd829b92aee5502eafc3b6fc174a88315c457f68a256c13d057802d13183933a25fc8583aa58f9a0dbb3e76b38009d51df58
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json
Filesize7KB
MD5a192304f63ef26c80086f835cc4b7ada
SHA16963e90e752209132b728a938844c4c64dc94d43
SHA2564f72309f9378f04b3f1cb8f46b031ff513ac63e5056d96272f2bdc6d39dcddf9
SHA512be619909cd0c3465966a4018847310c1493bfdecad6f07bb28293f3dcea73dc377f5d52cca040d626368e17828eae28384fe51d20c4a71925c5f31eea8e18561
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\000003.log
Filesize27KB
MD5665280958d5d881bfa67f3421cac072a
SHA101cec24191b2387042e015054fa233db33672d41
SHA25666d3a95b7d4d1b46c42c3c55be958060b5f531f68577b67cd4dcf9c26c2308a5
SHA5127068236aa866aaef14590552e7e16d7fcf33efe84dabaeeab59178b165e2889561dbb925f3f44d089e17f8477998599f199372ee7b9c5fe628e98488471ab59c
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG.old
Filesize441B
MD5cf99b701065802f03c61c01f2c9b9577
SHA14b2882d7b5ca475888eab44490ee684dd040bdd4
SHA2564d2d14f9be60e395adb7bfd261f9957567b8c72978930a2b8eb91f6c93c7ab91
SHA5122c9c04bca028ea178fcfd50cb4258b3b109a564798768e551cf74bed30204c6a99eb42e4543d25c348ef4ccd2ec80129ed20dcebcec2f9bf9b1fede61fa29668
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG.old
Filesize444B
MD5580371f8e63268714f4b5d0784f560c6
SHA1367a461b7b717625608cae9f7e38feb11fd372e8
SHA256bf75c00f919966a1f96b1ac128da275099ad33b36520794c53b92e9b96191933
SHA512264d09e2a78103785f650d058b8b7b92bd7b1a86bed6f04b9a6c927cf22575c978840314e9402efc475a5356e2f05dac65041de2d9301d92deb4f4bec5a63542
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG.old~RFe6553b9.TMP
Filesize403B
MD5ad7802cc18e7d03945ad872e2084c9b6
SHA1fc3332fecc0704ed234c0fb5bf15c3e0b739f654
SHA256d7efe4837d758bd17e69ee3536325ffb37f0c92461961b738263d93d585ea08f
SHA512274c5ebcdb449e5953d7b295a8da76053231ea0378e760762d7d918d6c5dbf4f388a5f349dd934424e34ceb35e4812caeefc27db088b4199b80bf743d667b302
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
6KB
MD51c66a14d98b3b386bc35258bb448e49a
SHA16d185067a490312ce2bceb25585cf77e6f22d903
SHA2561dacb3022c07d3397c93e2021b6d8b8b742f4f505a2fe3f8603e95744e88ed0b
SHA512d122619962bc5ee1a79449be071e17dae4526220e564097133b109dcad74b50f4f3cc147a864c9b9cafc1b3d7b60cfaca8f5e8999a3b2cd5245ff64c31775b66
-
Filesize
9KB
MD55ad3902e57b3cb53e08bc7c10b5472f4
SHA163a7151cf61b671b462e319997010da96792ec33
SHA256256a57a1e248f225986d50968b1884e8b35ba184b4a3079962260dc9e3ca5b39
SHA512aa7b65d8318c8453509e2abd3a116b333f4bc68203f31505648a8f4ce5c274350ca794c8651e500183ada7c3a283cdc2682d7a823fc00080db194c2149c7f8a0
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
9KB
MD5066fe1cc291c99b25b7631d371d5d9f3
SHA1f1e072383a13b9d3281f1d5517fe42128ccf6740
SHA25673a92e1108acf1304a65bf9d0a62d75a39a5f45588eacf7aeca302f24a4e30d0
SHA5124fef5d2e2c28bc76c50fa8626273c3805c382294b04cdb416467034d63e2a57353df26ea6de4cbd1988932737b34b971a3c2f29b37307fcb2048f4c11df08927
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD531b8a727d5b2268f8b9912c35598eb9a
SHA1087da501d7ef93c7120be78ecf83450c0ab401c5
SHA2563acedbe63b856f8206d815d8265cb3a00269f4d8d19d6e792fe4071d676e21e4
SHA512d861864d994bafb946461c555584b05dbbf8360ea152daa6d01d9c004d4986d68e83d1ce6f7e5a90f1661fe65d3cc1d17d6e1e1b61821ca4519658393a73e0a2
-
Filesize
1KB
MD5e8e4147860c923eef9721d55f9b91d96
SHA1d2812391c309da71d115251d6d67380cfd645dbf
SHA256c44c9ef207da7fc7b1483bce978a9be9df2febab18184184cde34398c599bba3
SHA5124fc6d2d508447c7402d13af9c5be6adaeb3bc5700b78bb55d016f6098c2cc0264b8f343b954b3253ed47a3df28fff59bfce6e54a1d27ddba839c94f1c522c937
-
Filesize
1KB
MD5c1c8d7a729e8675fea2ca141f903cca2
SHA179cddb035fc4831633e0a34a8e03238fe34cf5ee
SHA2563992a29ad423bcf04cfea3175560c8610d017ae2d21363b54be6fd4edcda55ec
SHA512636751361bf0490ca448edca4f22700b36ee9acf4004710912674a4a21df905941996cc55f69d485cd5ea060cce637e7a9eab11408d2860b102fd0326e143c9b
-
Filesize
1KB
MD5033eebb4cbb20a47976879825b8aef3f
SHA178aa5fc035cd52c945e677175680905488b95dee
SHA25669ede7211cab6e1525653ce2bfe8df343f89854dcce86b6ea1ee7dff79aced40
SHA5125ae14c60f11827e72cfb4a1b4f321fa7d593c7b2702e1e11818ca71619dde884ce72b3973e4742e046aa9bdd4eafefb4bc7c54557c74b62582cff026bca9dceb
-
Filesize
1KB
MD54f66f09901b6d98b0561ab8fbf196a5a
SHA17e1e72ec7389c9c75b3e7f64b22d5fe185fad887
SHA256397101418447ecb53c0e739e2788b48ebd2cf732634e1df5c6bd3bf8f32e2695
SHA512a7c71d4013d748b8d579d58c0050f28e591603fdb991495f74dfad8f5ef73023ce8bcc43d5f790bdc7e5b19153eb20947ad97203d727232e23f98b81b3c811fd
-
Filesize
1KB
MD5f5e013d53f94aeec06d1ecdc61a7514d
SHA12fdf29dbd2bd49852c6d752e147fbd5339c36b38
SHA2565ae5060037f5a91c9a181aeb8203306a7a0c9f0f3233511210553c0863c235e0
SHA512754394d28a87e7c44fd2c270f71eeddf76402a7e53b14d165068ff6b945434ba2d68a46e2085ed1f1e5a2d100ab8f3691489fd4b65d93ca093ef2c7a684cf1ed
-
Filesize
1KB
MD5a6d512e0cfd228b0197b0562f5b8b48b
SHA1d86f0c70e6ac04c5c9b5b7232edddd1ce9308d3f
SHA2565df3f17914ddc6521a147b433b4b3a64f2f99b01796d28361164f474c0f4683d
SHA512d6494e084fdc60416d25bc0bbb434bb506ab630b2f368f49abb7689eae51f572bbf9846673c28fa625c1fb68644bd97fc2ef778673d0812ecf85f933876f8071
-
Filesize
1KB
MD5bdc5b212a6a2db1b21d8e63251432f17
SHA14f205465c71770153ce317d89b38e441acd95240
SHA256eb5a5ba27df946d5d1e27597d1e037f0065b0323e2212cd5cc6b16a5dbb327bf
SHA5127078758321be191e0a3fdc084a4da45e75e61ca89addb30008d03e4ad4ccd6b5d1baca3a5b9523b9cdc2bc45de6100f23970a2f5888307e0c103634c0a7a919a
-
Filesize
13KB
MD5072667c303387255b14b72d2700b8d57
SHA1307c429c2033a110fefa33a45f5fe0aa697605db
SHA256c8b2d4b87f9af189d7f2cf9989fa5fbe04f228568fc7b00f477d7b1f2404f873
SHA51210cec71a9f518044a411b8cbdab5c4e973fe3dd0ddd1635807fbf98608cc2fe273dc22828865d077075f12ad8e16c17ae54cd542476bcb6befcf86f911a1691c
-
Filesize
13KB
MD5a685a6c1a2a1591dd1f3796ebaa3f91a
SHA163b8013d90bd66170dba5910c4303a03570781e1
SHA25656c59d626d4f18b58cab56081eec1446fc26b588a1d7c5a2850013b910534009
SHA512168f7477e52605c1600015a98b9291e204bfa0019e1d034de6a7bf2b30e367473e616e2b60e913bcbb19488df43004d3f07fdea3e276fde8547913a91f99907d
-
Filesize
13KB
MD59c1d1563285c7bf44074cb46169213a2
SHA1883db36a86528be1480dfd4fed11e1390cc12691
SHA256db02cdba8cbc320f8287f996107e18858bbd3bf12e0cfe819c72515909750d2a
SHA512c803897f374b764ce3a8fa58e1b7ff9bdbde471505b542b2784311ecfefa4b95993773b5b0f2de3d9bcab5c7031868a101681c941a6c9a2c26347da5755bf358
-
Filesize
6KB
MD5aefbfe4224d185b0009dc8ac3fa3620c
SHA1acafbff868e1c9bc42aab3737cd876f0050f5beb
SHA2564d8ebe48c3b7e09e7a7617056add1aca93a1aa50b8a080f478f0b37e22f8ba47
SHA5124322a5a2d5a02fa5386249fd9b9afead3f1a032bc4040e8041b321ee6bd2152b7922ea8821b5c0ff5b5d29fc1132d4047850d1ba52e83cf39e08df11371e0f01
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
Filesize168KB
MD5dd231d15cb244fb76fb431dd9d9dadb1
SHA14d6110ceb8b887af18cd7c37e556cb260b57e907
SHA2565bff98d35728a0fa15f47195c7f069423e8fcae8ce37bf3abe1eae7a493ff969
SHA512eaaaa77b3d956df447e45a40db5f47efa45c4023eb8f9ace8f7905cd9dc7cbfbdc35a98ce00f76aba6769b6199bb3986f1884c521a6e124688f728493654d7c9
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize120B
MD5a6bf0250a278e4fd51f7762a85c9bad5
SHA1a4c03774b7559b2e67ac0bb7df56764a87e2b789
SHA2562b3712587e9b2a8a72d3e57b9204e19040965eeac34b70894dc34f30a4ab8c3b
SHA51221a363e3063523c10416142f79fdc2f4f467714d90d3328a4ff6980cf24f232036207f9bd6c4cce4b23dca4175144e96f4b88a00c3b801f397acf5e98fa23b4b
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe62c00e.TMP
Filesize48B
MD53d90f73f747692f05044aff1ea4c7fd8
SHA17474cef16015fdf5278d16c5fd1d60586505ad6c
SHA25615f136ca0117c65e98c965947f6995669f0590e71423d3495defd5e8d762e3dd
SHA512d993de03fe840a71fe41fe0d896cdfdf65212d6331de0ff9880203040c52cc4696848d0d674cb3c526e000541ab5411c273c7a0f316d5318ef2df923cb3cd0b8
-
Filesize
33KB
MD5f095eacaef086edcd6c06ba9f0b43a2c
SHA19c9a0a25446b37b9679dccdb71c4fa320642148f
SHA2566fb8312a87f0ad36434b16ba565f2f3c9bc49ddbe094fc190ca735de6ee50f7d
SHA5126e7335866d2dc7345eb94707250cd803f5a1d5a4e0a798153fdca20f2e316ffe39ba01217674ef7c8f906ef062031a79f065c667236625bc75512b352aa29c19
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
6KB
MD5b86260673acc9558afd838a1e2db964a
SHA1f5298c5f59e8558db9189d1c374b5c0217cf179b
SHA2566adafe36bb5d21c3de016dfa527a8dfdc37c9aeb4766356a2e0479713da35342
SHA512392ccfa882cd2a360d09f46b59a5492867292adc15e8bdedb809e4917851467bfa1404b348da350d7178300d7c84222e4b889ed8f9391b3aa284e34e420937b8
-
Filesize
10KB
MD566135b4a7d890a58ee86e128a48265bd
SHA145718fbb30c4263efdcdb0e9ad5975f571570498
SHA256272b6d25bc03d93fbb05cb25b68da479f6f54f988a1812206e245b081a15df80
SHA51210ec3e72d669406fa5855d96fbfc9b4b1f836d0f65fbf265afda737e0ae92b646e5ff3485c83ec0a9ed952a268425d306ce9828b4827192acca0a969fa0ba9bd
-
Filesize
10KB
MD5b139115bc2be3ad75f31b9e1dcf18099
SHA1f0146197ce68f4b6ebaac1eed1bb1aa919954ce6
SHA25610afa9551e4db2266a3a346be55dd814eebd43f8ce8cd22997c6e104c78e8e93
SHA512efaf9d446ef9145baf21de6a2ef98f5142b741e4097b04fa497aef49a64a6456a025adf94c2de5e7f0b22def3424f82280d416f186082728c15d35fd3eb46869
-
Filesize
4KB
MD589e40735ecbe8a4f1bd911f2801de002
SHA1bd6d98b9344a183a2745e97732af1365fd0ff09d
SHA2568b7fb74e2a3e97333cba060855d7430d4226ff4212b64d195e9746e97cd98809
SHA512f81a792bd5d91670071cd30b1bad8086d033e7bc80ddf25788a3749b01c8b0fd8feeb549f725f691b55b7c9f0585486540015f91901c8b46ed688b1b734ecfdc
-
Filesize
44KB
MD5eb60fc787ced178cf3cbcbf5eb6c50c4
SHA1b5cfc419ba4a4749d35243e4f452232d3c75ac23
SHA256fa4be7a92d620a66e00dfd1a4222cd9838ffa0ea1228dea1c007c72491539138
SHA512a88d139a66d278e8f6767bfb3b0b8564dce3a515feda3447206433262705ff2937ea7298406bab0c22bbfef5489bc7aad3752b81e660a85502677f9043c78836
-
Filesize
144KB
MD551c912244e7ecaa42f87eacf5dec3d64
SHA16c1fbe878e822b41dc5fd8f8b6fd71c6555a74b3
SHA256cf405ba3735249f0fb97d3d822289737ddbaed63ba60a27fc6732c9f1705668b
SHA512966fd17bdeadc56b8f2a36cf78762cd981aec763a7f00027ca05ffa20da2c318773d0fb39f0ceeed86b49d8aa04544fc87a73ecc9dcac9e54d14b9ba52b7dfbd
-
Filesize
44KB
MD527d3304d96b6d9040693e9bc8e1a344b
SHA14308a601504e25241a20117f77710ec0e4bd175b
SHA256dc81dd68bfae00956dc48fb38eafedd4c4e94054f68937f0e50021c69a579127
SHA512eab6144d8823457d76233331c13656c0ddb271d17a7264d0cbcaa076d2d1e83a21fa2d93bfedf44046b15ab6e72c5e816a2bad6e09efee931b6088afeb64e2f2
-
Filesize
11KB
MD522ee548baffb6f82c9a554ed8120a4d0
SHA17e3eb6d358722aaef6a7f0ae85c778adbda8917c
SHA25602fae3fe343c93e08ac7a10ad43658776121b271fd2fa795436c3c376f2bea60
SHA5126a014011ec4a7bcadcd9aa86234c6d0afd56d97210de92268948d2f13b781c631f6f463416c034931812075457a99a80bd7a569f8764b084d3a25a96d6decf42
-
Filesize
6KB
MD5e2e2e3b27dbe8ebb1e5a1689cbada547
SHA10f173e6f154e12ce6774b006a4cc42d7a680f7a1
SHA2560af9be189481b755cecec6901ab03e1f41557760157501f7d57570222db5944a
SHA512e9c6e2d78df50474ee1fd4c01bf05c135dfc180817ba204fa10fe4d7c0c7560954a905244aed474220dd773645dab7c647ccd53fe82896d70f9177efdf6a85b0
-
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\263bbc26-ef18-4975-93ba-a213e5a531ae.tmp
Filesize5KB
MD5af8b8cf02aa20eae4e441c51d2fb0cd8
SHA1a155f6bd2c6f41a89a80aac536b452bfaf49ef39
SHA2567e45682a1774f5dc0f728adbb9668c83a112a0e0ff7ba3183123e107015efed3
SHA51279af3ce750ce5705e4b448bed240f12e82380741cbf64cd4f7bea961ff0f5314cc8f6f7a03bcd599041999220a64566ca6aedc25a6bb9202bf2e7719808edf30
-
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\494d4e49-5fec-4eb7-bd36-d20a68b8c6a1.tmp
Filesize148KB
MD5728fe78292f104659fea5fc90570cc75
SHA111b623f76f31ec773b79cdb74869acb08c4052cb
SHA256d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20
SHA51291e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa
-
Filesize
47KB
MD5015c126a3520c9a8f6a27979d0266e96
SHA12acf956561d44434a6d84204670cf849d3215d5f
SHA2563c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA51202a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c
-
Filesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
Filesize
72B
MD5086ad47224ac1a8ebaa642eb3b1387c6
SHA126d3b003c684ef925a707f21d9eaf57b13f8053d
SHA256b7761550274de061dee4f2dec475d4ceb234ee509ccac3ec6db9c872e5e5faa7
SHA5125f3c081ec79d20da918fe2539d1a9facd274bd8ae39578db6ef6f55bef632643c29e86c9ed5c5870e5f4aff0c90a3dda4c4b45910aa358560df0601bd65f5560
-
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe62d9b1.TMP
Filesize48B
MD5e20318d540b09c666d9dc695a89be814
SHA107653a4abf90488ea74757fca6bdf453ac40df2f
SHA256fa9c28b9f8f2a0041c8b0cf2dff106eab9143e7e1ca513844dc270cb6677410f
SHA512bb15d889422c2508b713062ba2351c1b0b04edafef9b8c4fd034649506e98089e969c8bcb97953d9b14d65000385b53d58e6d2deff045e9d126dc637f887c95c
-
Filesize
1KB
MD599160a7f2d3ce9e390409517a48cd658
SHA147941391cb9bbaf7c7b84992e1271ea90e0dd235
SHA2561ffdb5c957ad2997d179fa471e73b1baa4e01ddfe3e979483f6c9e62a6cd75c0
SHA51256e85ccb08aedbd99eeee362bd2666e62064415012e2d75af66757e31d67a85958d29b8f1e034d8d58d3f77fd4f4c803c289c35dc2a331512a554cd102dd7cd1
-
Filesize
1KB
MD51736ed425e1f59d516915b7e22c3345e
SHA10d3a17b14f6e3e3ada8296b339717413a0289121
SHA2560f7cfe1a6b7c931ea406006e13ae1d1af29a97f52615ccbe2b38bbe6b3c1e555
SHA512588b97301a45373285106f3fbf04a0b3d79589b615080fc0e5a46fd74da50df2b890582ba9a8ccf0b783cb4f7412743f599002f999a6d7f7ad520ea667a87e82
-
Filesize
1KB
MD5bb16ab2dd7db586905cd2fd2f54e7122
SHA1ac04a09db2825583f5ca4a50f17b2ad0f005f181
SHA256cc3d065523ae772cd391bf4f49322ecad85af05f6eb31f2703cca3b97c28a437
SHA512b4cf3202dd7be80f04c8cb4600a90d7dfa800b0e7bfc0b5f3233e1f72a44871d9950eedbbfeee06b917b848ee86be58282234a50d957d68ca62ec93653a4919e
-
Filesize
1KB
MD5a904503553803e599f850cfa97b8e7b5
SHA194dfe9eb3f06119eef3d5f0926f2fbc1e1649b9d
SHA25620d13c255fac8a21b128ecb59760e2d7ad887639b4f8ccb0d43f258c34077573
SHA5123237bd3871fa75a59462ca1c5937495d6a05f254b73476fcfacdf7a03a433168213025b91475cf87c854e2cdf03f583429e548d7c3be194bcd1b3d016dc8857d
-
Filesize
682B
MD5d7fbb738d06901a4f4328d240591703d
SHA1b55b8e6fe97ab8b06dfab4fa809f091283e9e21f
SHA256fa4632278ee0afd62fca863f867582b6e82ed561f346f743ff6b0427db062604
SHA512e5c4f3a4fe20cf81213099869b380803c6e52960a78f2e5e2e32e992386836d36e4e9a0897ed826db2e8e13e7c51f4e287988a7fe1ac916b16b622ec4f58402f
-
Filesize
688B
MD575bec4d48acee053b32ac5798b1f04f7
SHA1fe7231cbb7770c7da83a874154895024dfa208e0
SHA256c71e2b11129dbb94a9b64c98480ac1a05ca0969581bf653fe89b0e796d1a5f82
SHA5122c9943370fd439c9b517fba421dbf85cf07bc1ecaa9eff89a915c187667cbe04a8996b4f3b2e713b5b3587c3a132176e0a651a82872eedd68dfb5a722c746b47
-
Filesize
684B
MD574aea3ba9e593f5e3f48e22e109581c0
SHA1b02fca3471000bab5d3f9e17e6e661b25b088d51
SHA256c047169f51d19a237e679ad1a29b2b229447f57a8eccff017a264eff00c92c41
SHA512ad970eb7ecd993d3209ecdcb4259cc8f135949a8597e1d8f9a90abacb5356e10fc1ac28813019bd6a2ca6be3db135c6d12f6e36bbbd60fbdfdd2f91e3ab481aa
-
Filesize
688B
MD5868662e508f8c762b797422322d74448
SHA1a0a30623500e54462de6158e7fbed87c9325d2d4
SHA256f6e918a527260cc6b2ba26a3753a62872ec623a42074bbde4b44102cbc98af9f
SHA51201923da51638a4e1283807e0c32614bb2250585a64c21446de190e446c046cd684c9e20cc272574130f8050ea512a6723f80d9db5c11452eeb43933b184e685b
-
Filesize
688B
MD588f3feeca87fe93f2cc0d015ae8d5da5
SHA13dcbed5d68fd66c512538860f553a1347e38ed5b
SHA256207ae3c3990b781a4a673718b07d3caff4a11c8eb1efd8797379af140a0cc457
SHA512b2f01987a9f9e8451568df7954d7eb133de880110cde11ae371be3a87175111c2b4841790157854b3c556b1544645797945f468983754d72300d97165efe7e28
-
Filesize
688B
MD5458385cc27405d2aa75042e536bfb0ab
SHA108694c17e82e379b215f2beb1c8014a53f8642dc
SHA256f6aca677bebbdf4e2bffc1b162625622621094f017684256decdf7d437275236
SHA512aa10329970e4c8e4ef5374e3e2576c601294401c4d60aa466acdaadd658e82f82816712d1c3401c4a2176a6bb89d646a2b064af7e212403ed73b8c14676e3d0c
-
Filesize
682B
MD5514168678a65359d802d001a1902a46a
SHA194a43a8743152f1dcb06512bd4a9dda51848063a
SHA256b6e0936056e793478e8c1d68bcb9ed85dca2778bfaaa94c49b877942ef166e92
SHA512ec3d14362aa07eb76c929010beed3ae6498368f9c8f84d88b3557111bccc16ca6de92770ebc690cb993de9d7d9820161c681529d9348bbfb8714ca7d5c6d20ac
-
Filesize
5KB
MD57adc52c62af0caf63b204bd9ce628064
SHA1fed608c187f19606d9111dfdb09d19b8dfe5d3c3
SHA2566ea5ca57a671c623a6de8fa3093c95dcfbdf4fd0b4f44f41745211eb73792a26
SHA5123340cdc197aae88c0d55ade10d43343f4402c1ee96e481b6b305562e89855c1be4767658497ad005a8817d6fb672c9deba9c57990c29b3f4ce29d4b452fd9aa6
-
Filesize
5KB
MD57a64db3e705764e9d27e03b756a86373
SHA191cc69909165be37b15cfd4d1e1d6b881af41e8d
SHA25666857c9043fe96b767d884c6c8609fb9bb349c6cbc0df25eaebdf5f79f08c4f5
SHA5129d8ba30e505e62d7a6867527d0cfec76adb9a2aec0b2a5c61066eb6daf9779de385e3b3ca1afabc6e63f0f6b3a4635aca2ca72a68928c2323c886035a345809a
-
Filesize
5KB
MD5108758b3af0f270346407b45a89fb22b
SHA1edf579863748f6fc061c90fedd4a5ac6f0ee18ab
SHA2562a7bb7d659fba7788b149b060ef99de7f3aec2aa8f98e08e93a74b11470be090
SHA5127c55955de0fd6762ad1dd6ac05aa7a17162545e8fe8b6848fc9c94038394efdf9bf3316134d442c28b9b870a8e438975f076906232a4637f55a9f4d18fb4f5eb
-
Filesize
5KB
MD5632d963e9730679664bef3bb8c26791b
SHA1033bd403eee7774cb697d3422476d58d7525bff7
SHA2567764ae02c8b55d02528b0459b2d946e0893f047c833947b305322c1f49edd08d
SHA5122743fd98431ffe213c605d0ce397fad7778e29e516bfff39a5090f3738656330e351763a34a383eca54321981c86633b653c9e7979e5b67fd76654f8bc2cf7a8
-
Filesize
5KB
MD5b28d4e539281116a2ed6d091a45ebd22
SHA1e41130b22fe1d43d4c6279d3752429bc266bfbfc
SHA256a6c50140b83b2e2c33103e922ebde056aec52b46dacf76c95439bda75ced973b
SHA51255e54219187c8f7425c1e89ca72ecf27a3ebb4c3226ea1cf1a0cf218660fd017443e78304a956449bb7693ad2f8e75987b59b3a122becadbbe0ee2e79621ec49
-
Filesize
5KB
MD59aeb2d21a0786da08d222291c913f766
SHA19611aefc9f833cdf1c03020c0c416f9f6af8009c
SHA256f75fa2af71ad9b74c41e246bf9c694e2eaa06df85a0ab1148b9f91025d7e0a1f
SHA51281548a8ee3e664271768f440c18c965ff511ac0b877b87942455d2f3c9d91802e178a7ba951b613d8c984d136af856b8f6cdc40024be6ad2b5fa1518d3ea9fbc
-
Filesize
5KB
MD57c2734c2bfac88def6f4ac3511d9b3d9
SHA18eb6511635a9aa48b678240e15c308443db50e7d
SHA2566ac128187fe36fee31c85dc74be601fb8c803f82f78ea08938dde8e7e1f78f2f
SHA5129dfbd980d3c58cbf946e1d9469a41d4c02464317a2d7c50629119e5b003a388a6c6450bb4bbb38fd986702f98cde78a35efa490de800d5c34d3b2467a54b906d
-
Filesize
5KB
MD5b5822e15bf9f6fa2640dc1c5a3aac059
SHA13da60d3d7ff2df8fff3b55d50b8c8298b830728e
SHA2564bf0af87f640c392a158f22e7eb496fbcc0b517816e9c0ed4897129ab5af51b3
SHA5128658f99a5e585b8f9d341341c83d937bcb0f2688119c3499941e5c78d0c458a4b1c9624504e90442ae7217987d46de98ed5a87bbd3d8339e0a549777a919f693
-
Filesize
5KB
MD55fafaa1b090b4fb9fe62c27c25c22a0b
SHA16943a9439304b0e70524de9fb7a0a46e310c904c
SHA2569aa2ea6fdc632a90425ec5e6fcc7263c67912260fd8ba8d58b8d6142e060f83b
SHA51284b78ed89500c910ca51f25e5a83a8f8766013399c66d288b958e7fa119b8b60680c4c12fa2fc0939e83c204d7ae7f03e9085724fd12076f3e165db103ec2d78
-
Filesize
5KB
MD58149636341fbc3a96e915cb39699a123
SHA1574e57de9c2df765c67d87f3a629ba1d660bacc8
SHA256c25019e5618e515802d0ed227359a58df470a82e3dc0e9648fe50b4236552f90
SHA512a7b8a83c82a28cae9c5b635d5592a388200dbb561715cd8f6f0085f656bc4beb70db403bdad629a362e1aec4703ceaba31b1db40c60be14a1a08d0f18a1bf265
-
Filesize
5KB
MD5ddc957d5fd9ca56aa098e6873464dfea
SHA12e2c52f8d15132f093e6525f7f1ff4e07be757f6
SHA2560c1892a195f63fee6c6281add0cb3f312b71dbe549c1776bcd83cf10cea31b76
SHA512dd77630b6c6a3997977480c0793ee12491c91d9d584f253a58059aad8eec3cdbf0c185c0c4a7871461bda04be05f2154e8abb1a5efa42e01bcdd83070d1a73ce
-
Filesize
5KB
MD580eccf130fbde40c272de0c205609296
SHA115929d3565dd01e89930f80ddf63ee1a061e3136
SHA2563bb65414b010dfdbbc951549edda1d36ec4dd89722cc5437ff9ff5dc71680b0c
SHA512cc119cb622278139828114a9c91aea7547203b9d756219606f37b83f827eaa4d84d8d2f8ea288d8f2618e17402b0e1693e468213d36fc675704c8dfb590bad9b
-
Filesize
5KB
MD51384b52b0e11bff9d759b54e0518efa5
SHA1c6d07182c1fbd9002ccc631cae6088b457d88ebd
SHA256aa34b20d6a6fb6d60e58c1512e7549ea15590bcb7c78ae68282addf6246a0b55
SHA51264de6ee77c49e157e752266b69b84fbdf2842e646f3ee4908a9aedeb1c2cda7e6423615db77ce952fee871b685c2924a896679a92dc51cb564e9a62224342def
-
Filesize
5KB
MD595acbbbc2135ae5221482dc0061a75c5
SHA1c4b64d499da9b7d07470918e319f7ed156f4ef7f
SHA256932df6226aa84473f79b335cdbd92003763add90d0397c5cbef9018c1bb026a5
SHA512296c58603d4f6115856091efeb49085248a695453918cd2d6d1775bc32666e646140caadfb183f3ef326ad84b9f9b35693dd7c6cd8f6bb8615dc4aa7a701c747
-
Filesize
5KB
MD5d2cf2fb6f615983fb8cd6b6093c33608
SHA1626ccc600162fb983f184aa87c6049770238e0a7
SHA256421dd4162b583f6a63f1cadd7030492c519e1603a335b192bba1fa6e90ec7361
SHA512a92d7ab16478fd0fc59bebeb94044d2e988e5b570364df07d50fb57a55ac6095026a8a98310ab3055efdf10122a17d18d0a5ea43e6f4feae297878f755b5f6cd
-
Filesize
4KB
MD5ec8f64e1c536badb5ff0a731e6442a23
SHA1564d766b41657b3343c06370be94f7dc497039f4
SHA25635bf893c04ad6275a299ddbfc1ffc2ceefb27045b7fc800f77c1504f83dfc76d
SHA512854dd5078691e63d7bb9c37d0256830e7c8acc98509b77cfb692cd0f237dd97780fd543aea1ab1437b6d723c1148a0372deebe00885435e51c4687be62385960
-
Filesize
4KB
MD5bbb78b0046e8bb638f254f3893c039b2
SHA1629b8987a0250b372e8fe29ddfab90de26bd6110
SHA2562ed01ba0a3ead69390dacea5a9f93dbd5209d0f4dda72fa11e799df7f47463d5
SHA512af60ef832c01b63eb3053768f29d3af23ed9dcb6a2b20a4e7117d81712ac9d31523bf2a72925de97aaaac9ea4c315b37e9b702a231f9a499d107fd761bdabc36
-
Filesize
5KB
MD535361b508b2f05ae80e1be72fb2c7d48
SHA1d55424562f63be87885e172734b49a31b75f3427
SHA2568f1f44761ee41f0763fb3081f5c411b1d699dda3245276485a4a0e23925a0723
SHA5120945b5ea4fa1e56da4e4b2b11df81cc549448d7b1a979d2a229b44ff9f7c3a3eaf3d991cf1217be1218432f56c941b817ec2c33ad8d32d7502cb6314d1ff39c1
-
Filesize
5KB
MD55b8839f55067c85b0a66863fc8a5b204
SHA1987df140776fec04c7cc71e796fb8bed7e614bfb
SHA2567929a500d42cc7258f7ea80e3e5a4c63ca1477e88352e6c2823b105641880a3b
SHA512058df1f63d7b4cf1ec2cd68c9417af4716543c139f088a1b29cb05551339fc97f032083be6ecf26754b46f070e015779731b91be6dc0be97307870b0a340de6d
-
Filesize
5KB
MD539010eff6cb2f5baadd5a3e25b866b55
SHA1f948be58b45a0740088ce06861d1972f0ac054f6
SHA2569985ba337f8e739db9e23cd536f6ecc424f0cf2c113d220709ca78c810bceaec
SHA51237f7c6a0068333c9ff58eeb05e2826b5ad290314bd87b2783b2e02ece39c00290fce755d1f0126e4ce11d7ee6a62584e2aebfb50689b7b0201ae7098cf9ab7bb
-
Filesize
5KB
MD52f35d0e13c25b2291320970e48c86b89
SHA12ff4f7083be81d75820341b38954ab97984a6e85
SHA256a9b3961168f83b9b70c2fab2bb3c57521bbd630dfe54d99a1d16850288abb006
SHA5127149b3665a6483f85a1192ef505c11fd870961bf68b897807db8a950ea658e03089bd1f4a1179a5e841e3a4a84b6945b5b3ecea4259288a49278939029c85930
-
Filesize
5KB
MD5fec21fc3f260f877e9917376cc26d223
SHA1fc62abb43983219d1b88facce2581a2256173660
SHA256a2aef4909d7bc178129a31856cea81f745b0dd68f67af76588ff0000ecc6c8bc
SHA512ce83784cbe390a6d639824f0cd9f979a3581f0078886b4fd7bc3c3223446f5e5a75a28cc2f8068221c6c3dff863d6a9c8c27cefb959e484a7a4d6f1df114bdee
-
Filesize
5KB
MD5964256820345c69be27518b57bfa719c
SHA1a69fbee8f69283241365c6355c9d2847cb79641d
SHA256b1da77d69cc958f0a84c9b4c565383e827177b5e994e9eb8d22e9c825466a392
SHA512feb9db89eb5b18011a17ea54d9289970345f20865b2a7dc98430b49c42737f7e25878ac4c575d433cb1c5ef990df04af2f47d15f581c369486335deb4d0fb524
-
Filesize
5KB
MD5e9bec793a8b49e0d6ad33782ab6c55cc
SHA1ff7c8523458e26cb7e300864001bd4ff9b8645b9
SHA256206f341bec5c9b76d18d7abe937fa433ab92f4b3f21320f3ed6c134a63870f85
SHA5121340ddde8bc1593f9333391453b43f290207e45209d8e2f9ceb8ae2a60409b5e9fb9b2cbd16141553724c98a29e880044fd40341432f4196ec3a17e087d3e51a
-
Filesize
5KB
MD5032dbedeb7209e2a74bbe25c448e0df0
SHA1c84d122fc581e13eb44033feb74958aaa84186b4
SHA25666306cdf943b6bf35b8dd789e0a591f4e89b8977a3de41e4af629651a27418a1
SHA512b535c1286a5918483b8606c21996889a7dad7b58b3ac5fa7faec109be75f6238180a61597f21b5c7935f4c82f832686d8647bad6ec69610167aa7b234a12980f
-
Filesize
5KB
MD5e353a58ba83879396032a252e066dde8
SHA10b45cd6e797d4dbf7d70cdb6ef2164bcb7a7a726
SHA2565e638ffb9a060461276e8a055c17eaea046b993b945e9233312f319953ac0050
SHA512aa9e6236e31872c24c0ee2a9d48a0ad82523abb5051320a60f341f2b073692007e10d07d77adc3ff270316ecff201f95d29f5a339eb7371b261bc1028d49e7fa
-
Filesize
5KB
MD5cbf0d6b733610acf096e6ec829b472af
SHA1fac6a9f36168dc1d7f88e1a1093278fd6bcaf205
SHA25630cf32f87ae87459e924082f84cd9b19a99118f3282708bef87966498c4b3f80
SHA512adcfb015ebb31394e8a1df3e4dfa073c803a8d3f97ae9c701043f0c865f02ab329a4a05c23b24a793e62b887f3991e10e20cacceff7f168dd507d9d32a242a82
-
Filesize
5KB
MD5d7771b35270b6714402e3102835ab048
SHA13a0499e7d6978402996a2fab0dc2bd2aa96e55b0
SHA2563216a373538794afd194c414b6f81bb8b53ca3d1cadacc3d48142f5db13eb0b4
SHA512f653c7da5f30a02abd8e8a5beb5616b45ac0ead9357ad5237c8db9cb98ad58ca251f91d7582bfb0705e5e82c3ebc3e8358eee0012332782efacf849b9aa938cc
-
Filesize
5KB
MD5702c39e4ad380fefa56efefe63a9e303
SHA16b7c5ac45e35b0fb03b2b2af3a73394a27d7b85d
SHA256e51ef80fcfd03bbedb0a7c0e3bbdca69bb7d26829241e742a30ae9faa0385ede
SHA512abd79a6f2ca3f837067045cea3e551affa34c99ced7d1ad66ef5d4f612a5e86b34304e95f4700a1d8c6e517a7715af0af973af6f7f514091b325c3eac68ce9ed
-
Filesize
4KB
MD5032706fb0b2a6c610f70ef342cdd1d48
SHA1bd3968b216bdbfbf2d7e3cfc2c026bea22b795c6
SHA25612203132d9bb160e8942f219b6f127897f1d9f617c70a6d9c3bcccdc557cefeb
SHA512b5c0944392c26791dbdbd920f8e01ec22864acbef46b6bb5ad7bb533c0aecce12501f6476148ac6f95deae4e9aeacadf84832430bc53e7cbeaebc3eb0ea860ba
-
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5
Filesize16B
MD503e9f614a008075733c76883156b568b
SHA15f9cb1b06928487c4b836e9dedc688e8a9650b0b
SHA256b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416
SHA5127e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94
-
Filesize
2KB
MD54bd6a9b8b765a36598abe3a5443a735a
SHA1363a5e75247029d7487f9acaa3611da54ae8c952
SHA2567e7174b04afe0efe5d8a6628523be3827e63aaad2c8cfd32e0e00644331352de
SHA5128d9a63044e337ed932d441300d6a86d98aabb278f33822927f008a0d6628a49740d98147c992d330215e05e6a3f3efa081c00815486e45fe244dd984a245cfe3
-
Filesize
921B
MD53e4a6500034ccad66c762fcd3e151c90
SHA11733af9144d595570c784ab1655f33ddb8cb9600
SHA256091f7571a2260e3cdbba7179d3b8b0e37221422652e2a192055c1469249ea04b
SHA5125fe69a16ffa537eb4a73e5d396491f5bc30e87159c42beef869b149d389e8e601b2cfee10fc2e21fce4f678f502fe71f747488f1035943ede5c7eacd8539c51f
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5eaa2c2eec6c6c3e2f861ce0e1bb85852
SHA1e1c5186c1fded577fce57d4741407dcde12dfbdd
SHA25687c260876df76456740d8ee9f6680818ece7d0ce0c98d013505e922873833819
SHA512590ebc3438ee05d7fd800d535f54179315d5fc1ff5844c17a0ff9c64c2997e45f4303dc59f5926ae3b10917b7470c8e3b5c41810f23413768c6850f70bc6d4bb
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD540126028ad695a054ee6ae7f667acbfc
SHA1aee4ba7ab8d4e6cae50dcdb1b2a23fe507fade5b
SHA256c5bb182ed4aa73a6430d2e31c5cb26b44f9e27c04e827e9ae593aab8add3c564
SHA512b7e15a1bcdb22052cef50c89e19c4250b54f9ce68e0f949b7710ea7c4572221f41ad13be2d0c76756f416ee58cce595ba2aa47ebb912a27abf3ffba6b1e6065d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD59210e35ae41f4e0b2d89dade512e9ea7
SHA11132f48c1f5dd12155fdf15b2659e93e4388105b
SHA256028a630928d819513dbedddde14e2aac433341bbbe7601ed6932f76f7ea81bd0
SHA51275a00a6b7f7286ed891b532272423f692eb7b5fee3fa675197cde96b02bb4e1dcc369332fe8ecf81f015cedfdcdadb736eea150658fdd6d5e018ee013c1846c7
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize11KB
MD5c4d209ce7ffd767951218f8fc676a508
SHA1817128b2b0efbfff2d7eb9325b66febd919cf718
SHA2562b306213c9c88a3e185f157d1260d8b924d1177e408cbe72c877491229c4d495
SHA512c7041a1cda37ee6b07ee64a098e3c1b9fe452b1f444fbea877168eb6d0d9feb7bccc6e9730d4527dc29afed5426bf43fc861b6e753bb622b681517b0cc2553ab
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize11KB
MD5b24a56d3c5fc2a95e60dabf205f86837
SHA1952a99b851ded3b1a827107ba1094006d2c318fd
SHA2566d84ae09c089bf7f033fb737214ea4de26ab43540d81f020613024584a81156c
SHA512f3024404be89510270aa25c74f886d3e63f1842974af1baa74a2c4c39a32194cb2f6c1e506f94e871883eddc010dbcc7a0bdcfaa74f8fd9c71584c7ec4b20737
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize11KB
MD55f55f497ab3308ac55d389fbffcb9f44
SHA1d3d3397248ab301984e8f9ba1df6de8d84b762bb
SHA2560d1f2a0b514a0b5e6fa13041dc4c4467a946cec49eab6508b7bf35583abab66b
SHA5120c6ed021b9a39d93097edbada377ca4f38917b66ab0310bac359939d91466af692d7e34ae927e515bb023f100c3de3a5c5c05f3c2cc3071643cd7555135e9bb8
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5865f5074901f21f0a75b3327e80e4b60
SHA19847e161a7c4c3740a31f52b66da109c17e29c7d
SHA256dad28449070104fd238e6a3337fcafe25c50548616db759b29a163dd90983d26
SHA512f3d5b1aa5bb76addca628317c8282039211eb5c422a7b1f1124239b499178194a899f8cee93e0870beb4879fa4c48c62866bac837ecb250d44c930a5ff42160f
-
Filesize
2KB
MD598f3d9fde018ff9666f908120a4b0fad
SHA15e9e99490e7bb458f30b9ab5f6a6bb2915fa5747
SHA256142415954dceb053977fb07b1b92d38e87869a98572994855c813c89d7f85f70
SHA51241258787223d3a046210beb787fcd804cf975dda38f24f405459c653f59622a9813fac37cbe7b2538a75730bffb21cf1c8c211b5929bbae63071f3851afd0eb7
-
Filesize
5.7MB
MD5714b42c0e145a0c2d6d35f0191787ad0
SHA115db1463bd28d89f660985bf73376489fa09d765
SHA2562c75ae485bd7def9abc6bed3a3cafc3a35bf27e6f0425132e310ff48590025b0
SHA5122726dd10c1270c1cffb0a471037e83afb72ce92ed39c1a7bea915ebdda0a6c955e475f8ad83ee476ca9847957d906cd3fe7cf13dad82b2550d3a48db6972cfef
-
Filesize
56B
MD5808334d033412d43792cddf998caa22d
SHA1e7f3926b94adf04ea33da33247643a2fb480ec3c
SHA2562d64c228dbd1b821db261fa9d650322b2f3b97b6019bf631a1730b9b23b0cee3
SHA512cc311ec62870668c4fbcd32cde05597d214d137c1fd9514083cdb890d0af831eb1cc18597ad3ad275a15f9aaa42052acf3cfc829e2f0020c492bebc35f5f78c9
-
Filesize
115KB
MD587cbf3e8f93ee2211c57af6507451a39
SHA1f5414260e610e0f4a02be7bebefe1604c6a31927
SHA256da52aa7a93b8406440a9c6e9f2986a7cfcee3dd86962e8c94aee59da3bb8f7a9
SHA512aaea86e3c9b40f36204a34dc00e4ab8bad51d16fac423ee98e35609a95eb8855fd9e256a119f367c4fd1c38b7cfbabdef268a8b85f52d523ce713cce5f86f5c0
-
Filesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
Filesize
1010KB
MD5a69d796ab71f88742ebc5317ff46015a
SHA1e0161537372941371751cfc3defe9041b03251c1
SHA256204259fc2caf158eb9bfae76aa4204dde93a18643f5cbb578d8f93260f11593d
SHA512c948df9b292b6e4340e1329bdc467fb8ba9d4d8d08256d761efcd451d50c9432dc08ad4fa030f6a65d4abb7ab7ecf266b93421e16e14c655391a13e6c88745d4
-
Filesize
488KB
MD55afcb5dcc99b3d7bed0e2d479a271409
SHA1fb1f25635a260c17648d7481c5a329477e48efcb
SHA256a0785881a144a7e23f3f62e6703617153cae11904897713695457cfdf513cb75
SHA512e43272d05dfd0afbc0741dff646353e5eea67a6b19cd2d801b6f29ea2010c1a6f6e34dff51f5b815a4fcd9d03ffb27bfb262cc2bf25c6b3050ef4478f5e9aa81
-
Filesize
67B
MD5d38e66e2b229c3d9cec36a4fa837bb77
SHA1a6d02df56342c0bdb60731eafe6b080cdd1d08b0
SHA256770d3cef7eac5dc3edfae6cc98861df7d7a6cacaad394d363ef9dadb869b2800
SHA512b73c706c6385c5d562262a02625bcc02721c7f8fe8165c817a796348d9eb0d4aab88b84bcef7c6dc71089ff6376d8a22bbc49733bc77c12fe2cfa71a395ff12a
-
Filesize
177B
MD5c4538f66048844448da4c35ed70bec13
SHA1509174a3b8c000c735fbc8e1f5740c4c413ccd5b
SHA2569536f38f4fed91ec7fd801d188b9e7cd42e964016d67bed316e5f1eae717ad13
SHA512f7cb05ee1388df8f2113e92711c3bb5de7943356bf5f71b6c0855d6976b3fc139584f02235e2191be94f70879a41467d06b045d4580784e7b7e96150b227f27e
-
Filesize
1.0MB
MD582d7ab0ff6c34db264fd6778818f42b1
SHA1eb508bd01721ba67f7daad55ba8e7acdb0a096eb
SHA256e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db
SHA512176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a
-
Filesize
796KB
MD518693249f3a283e83b8179e692ffbba9
SHA1546c0d89f8c8096d22c6f6be7e843cf5ce08e220
SHA2563d828bcccc628e7096856337b178da5608a6c3db99383374e6c49d50a1895e64
SHA5121ab246fea99daf75831f26930d458a05ff0efd5f9c71c9c4396681a065fcf9f5c04af774df34ad55e140b71d41e42254ee2d9dabbb18009800bdfc62170a8c39
-
Filesize
108KB
MD557428456c6e6c2ea328c864681db5df3
SHA12dc7329e0b346c435b6ea5cf44a3d0a076f8d398
SHA256ee87747102eba8844939352740d0bb6c4a67f10c2656961cb2722cd42ba99f40
SHA51240fb34fce07f094fdaf78c499a21c3f534f0c8ae1246b6cf382ea7e63fa08b4de56e6c81eb8fadce8a2e508ae5d03831590a06ffda3d46026fb894e4997f31b0
-
Filesize
108B
MD50f265661c3f2a77982e500475a1862e9
SHA1e173386aa23daaa00f9a6d212120667a6eafd702
SHA25644b5726a377aa27d65a4992274c4116eb86d5ac4115bf91aca15794b82639197
SHA51222c2e44a83e2ee8a8c5fbe1d23fced169c9517d82b156788d64b80bf0af68615ba3ad86c09aad4931bc7d97f4ba3470b3a55fa504fb212aa17cbf588ca586994
-
Filesize
111B
MD5225c08f039684dfb54aac162dd9d5b9e
SHA1426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3
SHA25698306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c
SHA512d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
78B
MD5f484730e3678d8a3d9d2e39ec6e43aa5
SHA101567fae3cbd5beaf099f5ccbd0a2f2d39f620ac
SHA256dfc1e147364cce4708e0d4bad53e46669edc0cfe0fa9c78f773a8d5ee5bb7895
SHA512ffb55a70258aaf3b6c3de39298cb0cd0700263c6cfb83ca26a798c41082925f2b45d49b23746d7ae971346b94e8f545f72b005b19e6f16b0955623a1313f9e33
-
Filesize
72B
MD509ae1e90f3aa21ac68cb7f6c1bfcc331
SHA1a310ef51295749454c15136a3c30f566721076a7
SHA256a24285c52c20baa1b824042982967c6291d755318ce98afa003a7f138c1b858a
SHA512179a6ab02d8e96bcd5a8ece1e20eef980a71bab2ec5a1147781f9b29bf57f0428cda36deae13e6bfc19654017bfd6c75e49d31fb77e1324fe7a1ce48aaa404bd
-
Filesize
108B
MD555d0da4886efa9d373256980afe0b0c4
SHA1495d838f50d5e76226480487be4770fdf289bf2f
SHA256816e30826889f2e140b03e0c7cfdcd31dedb307c30712b017843080b271891a9
SHA5120591312ee7c3e51cd0b2c13cd97aab7f65fb8fb1eaf65ddef3e3a7a49218893e1827ca3b217ecacfeb02bde8926ae81ad893db1031b2e891d2b06aff6a6d5327
-
Filesize
1001B
MD52648d437c53db54b3ebd00e64852687e
SHA166cfe157f4c8e17bfda15325abfef40ec6d49608
SHA25668a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA51286d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828
-
Filesize
95B
MD5ea1afe8ec4bcb01e90d4b4c40561a455
SHA10026ee91ed70e8a78dc568c0f4f413368458a7fd
SHA25657e8a791b9890a0d7e5dbcc46a5abd00ded611dc107659f27ddaf46557491208
SHA51286681b1e05a7f937f1caa25fb337a68c03be0b92f2652e4fc2b8bcaaa0c8116a35de2399a1752f7136500d974de752a1a1368f07be73df7f5944c9cfda2e36ad
-
Filesize
300B
MD5db7eb7e54eed7c7a94fabef1ff06ffce
SHA159ec7c4812b8281eedee765e052d280ef6d14be1
SHA256dd43b3afeac53c5756b53b5a987feb96ca78d2016c5513a971b2d570a959c0d0
SHA512eaae4182dbbd8c53a83cefc0070c1ba4542fdbf912e39537054f2fd5eef3ab0a6247f37d17acab31859a72fe69b2008d5ea5ff04fde3fb31666c2cada205ea53
-
Filesize
196B
MD5898f5b3c1b9e44506bd7a511321440d6
SHA10096290f45fe065bf6ee65e535cf5b2ce6949276
SHA2569d00037ba16af20e96e2afc34f260f0e51183904c8adfbb0c2fa96ddc7a16f81
SHA5120cf4ad588afc6df659809325f582f64aaaf1ee3661893dd76209ce3036ac553518ee007666faf7c08a0f2742f8eb528c8cc0c181d1f62e182bdd14e1553c3f9c