Analysis
max time kernel: 90s
max time network: 92s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 14-06-2024 05:07
Static task: static1
Behavioral task: behavioral1
Sample: Wave Browser.exe
Resource: win7-20240221-en
General
Target: Wave Browser.exe
Size: 1.2MB
MD5: 1684aab6fae1ed888cf6d3c45e3f5fa7
SHA1: 6acc87b81836575bf7b497f0e8a9a23a221f06b7
SHA256: 4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab
SHA512: 6d4bafe21686ce62cc129082e8dcd4da87fa7dcaea5eee9862a99adbb0142e89fe0e9d097ee2b9a9a6b6eab3ee23b6a26c4fa587d7ce1782a1d2e2c1454c2e71
SSDEEP: 24576:2s/RUhtSWUeNXoCPxjyJVhGi4vGuOg9ajduJd/WDj0uX:2oRUhoK/9ecwjd6d/sIuX
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes: SWUpdater.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterCore.exe\"" | SWUpdater.exe
-
Processes: SWUpdater.exe (6 entries)
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | SWUpdater.exe (6 identical entries)
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 48 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: wavebrowser.exe, setup.exe, SWUpdater.exe, Wave Browser.exe (48 entries, all querying the same value)
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | wavebrowser.exe, setup.exe, SWUpdater.exe, Wave Browser.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 3 IoCs
System information is often read in order to detect sandboxing environments.
Processes: wavebrowser.exe, wavebrowser.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | wavebrowser.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | wavebrowser.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | wavebrowser.exe
-
Drops file in Program Files directory 14 IoCs
Processes: SWUpdaterSetup.exe
description | ioc | process
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psuser_64.dll | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterCore.exe | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\swupdaterres_en.dll | SWUpdaterSetup.exe
File opened for modification | C:\Program Files (x86)\Wavesor\Temp\GUTB4E9.tmp | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterBroker.exe | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterComRegisterShell64.exe | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psmachine_64.dll | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psuser.dll | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\swupdater.dll | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterSetup.exe | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterOnDemand.exe | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe | SWUpdaterSetup.exe
File created | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psmachine.dll | SWUpdaterSetup.exe
File opened for modification | C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterSetup.exe | SWUpdaterSetup.exe
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Registers COM server for autorun 1 TTPs 55 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 5 IoCs
Processes: wavebrowser.exe, wavebrowser.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | wavebrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | wavebrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | wavebrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | wavebrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | wavebrowser.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes: wavebrowser.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | wavebrowser.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628153072182468" | wavebrowser.exe
-
Modifies registry class 64 IoCs
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods\ = "8" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5} SWUpdater.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\NumMethods SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{6130C56B-9B2C-4D5D-8160-C7A583B5DC3B}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\ProgID\ = "WavesorSWUpdater.OnDemandCOMClassUser.1.0" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{068FAC78-4F23-4F74-99A0-F7C4797D5ECA}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WavesorSWUpdater.Update3WebUser\CurVer\ = "WavesorSWUpdater.Update3WebUser.1.0" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WaveBrwsHTM.65ZDZT434SRMEY74KLXIAQQQG4\shell setup.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\ProxyStubClsid32 SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" SWUpdaterComRegisterShell64.exe Key 
created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
PID 4656: SWUpdater.exe
PID 2448: setup.exe
PID 3428: wavebrowser.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
PID 4268: SWUpdater.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs
Processes:
PID 3428: wavebrowser.exe
-
Suspicious use of AdjustPrivilegeToken 59 IoCs
Processes:
Token: SeDebugPrivilege, PID 684, Wave Browser.exe
Token: SeDebugPrivilege, PID 4656, SWUpdater.exe
Token: SeShutdownPrivilege, PID 3428, wavebrowser.exe
Token: SeCreatePagefilePrivilege, PID 3428, wavebrowser.exe
-
Suspicious use of FindShellTrayWindow 60 IoCs
Processes:
PID 1544: setup.exe
PID 3428: wavebrowser.exe
-
Suspicious use of SendNotifyMessage 52 IoCs
Processes:
PID 3428: wavebrowser.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
PID 684 (Wave Browser.exe) wrote to memory of 880 (SWUpdaterSetup.exe)
PID 880 (SWUpdaterSetup.exe) wrote to memory of 4656 (SWUpdater.exe)
PID 4656 (SWUpdater.exe) wrote to memory of 3732 (SWUpdater.exe)
PID 3732 (SWUpdater.exe) wrote to memory of 2232 (SWUpdaterComRegisterShell64.exe)
PID 3732 (SWUpdater.exe) wrote to memory of 2132 (SWUpdaterComRegisterShell64.exe)
PID 3732 (SWUpdater.exe) wrote to memory of 1528 (SWUpdaterComRegisterShell64.exe)
PID 4656 (SWUpdater.exe) wrote to memory of 1872 (SWUpdater.exe)
PID 4656 (SWUpdater.exe) wrote to memory of 4268 (SWUpdater.exe)
PID 1960 (SWUpdater.exe) wrote to memory of 1300 (WaveInstaller-v1.3.16.5.exe)
PID 1300 (WaveInstaller-v1.3.16.5.exe) wrote to memory of 2448 (setup.exe)
PID 2448 (setup.exe) wrote to memory of 224 (setup.exe)
PID 2448 (setup.exe) wrote to memory of 1544 (setup.exe)
PID 1544 (setup.exe) wrote to memory of 892 (setup.exe)
PID 2448 (setup.exe) wrote to memory of 3428 (wavebrowser.exe)
PID 3428 (wavebrowser.exe) wrote to memory of 1100 (wavebrowser.exe)
PID 3428 (wavebrowser.exe) wrote to memory of 764 (wavebrowser.exe)
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:684 -
C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe"C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:880 -
C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe"C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"3⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4656 -
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver4⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3732 -
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2232
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2132
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1528
-
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping 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-PC9hcHA-PC9yZXF1ZXN0Pg4⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
PID:1872
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{069D0C8C-B70F-484E-92C2-C88FEB3ED04B}"4⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:4268
-
-
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding1⤵
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1960 -
C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe"C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1300 -
C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\wavebrowser.packed.7z" --make-chrome-default --installerdata="C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp"3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x274,0x278,0x27c,0x244,0x280,0x7ff7e4aaea10,0x7ff7e4aaea20,0x7ff7e4aaea304⤵
- Executes dropped EXE
PID:224
-
-
C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp" --create-shortcuts=0 --install-level=04⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1544 -
C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x274,0x278,0x27c,0x244,0x280,0x7ff7e4aaea10,0x7ff7e4aaea20,0x7ff7e4aaea305⤵
- Executes dropped EXE
PID:892
-
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --prevdefbrowser=6 --install-type=1 --from-installer4⤵
- Checks computer location settings
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428 -
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff9ce5748b0,0x7ff9ce5748c0,0x7ff9ce5748d05⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1100
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1956 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:25⤵
- Executes dropped EXE
- Loads dropped DLL
PID:764
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2176 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2628
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3960
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1656
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3520 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4060
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4540
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1172
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4052
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4612 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3588
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4768 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2784
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1300
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1428
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5116 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2868
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5236 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4532
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5352 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:944
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5468 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1240
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2124
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6252 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1200
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6544 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1512
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6784 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:4076
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6940 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3500
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7084 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5204
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6684 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5316
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7328 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5364
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7312 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5508
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7612 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5596
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7752 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5640
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7892 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5756
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8068 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:5888
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8256 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5960
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8420 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:6024
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7568 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5256
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6552 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5276
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6928 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5340
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6128 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5400
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7412 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5412
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8692 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5492
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8716 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5580
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7460 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5636
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9024 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5720
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9160 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5824
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6000 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5760
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7172 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:3500
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9204 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5264
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9248 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5560
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9400 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5772
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9540 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5356
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9388 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5216
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9808 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5464
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3780 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5756
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9952 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5420
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10192 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:6040
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10344 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:6104
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10488 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:1816
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10624 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:1152
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6416 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5408
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10904 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5644
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11236 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5744
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11248 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5516
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11196 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5512
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11168 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5076
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11552 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:4048
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11712 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5968
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11924 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5280
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6512 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:6152
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12204 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6772
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=12192 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6792
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12528 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6804
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=12728 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6824
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=12960 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:7072
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=5940 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6564
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9212 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6780
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11768 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5536
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=4800 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:2156
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=4860 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:2636
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5096 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6224
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8232 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6328
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=5204 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:4328
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5432 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5904
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11996 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6376
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=5288 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:944
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=4504 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:6572
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=5068 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5996
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6604 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5312
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=11508 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5360
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6872 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:3048
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10420 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:5988
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6820 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:85⤵PID:6596
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9828 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:7000
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=11092 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:5592
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7848 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:15⤵
- Checks computer location settings
PID:1032
-
-
-
-
-
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping 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-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjY3MiIgZG93bmxvYWRfdGltZV9tcz0iODI1NyIgZG93bmxvYWRlZD0iOTYwMzM3MjAiIHRvdGFsPSI5NjAzMzcyMCIgaW5zdGFsbF90aW1lX21zPSIxMjY3MyIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Checks whether UAC is enabled
- Executes dropped EXE
- Loads dropped DLL
PID:2108
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --strtl=di --start-maximized1⤵
- Checks system information in the registry
- Enumerates system info in registry
PID:5464 -
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ff9ce5748b0,0x7ff9ce5748c0,0x7ff9ce5748d02⤵PID:6104
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1840 --field-trial-handle=1844,i,10392033419771549850,14762269753951861706,262144 /prefetch:22⤵PID:7096
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2124 --field-trial-handle=1844,i,10392033419771549850,14762269753951861706,262144 /prefetch:82⤵PID:5240
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3428_992723239\CRX_INSTALL\css\chunk-vendors.67b6e527.css
Filesize386KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\background.js
Filesize141KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon128.png
Filesize12KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon16.png
Filesize774B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon32.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon64.png
Filesize4KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\chat_notifier.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon128.png
Filesize3KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon16.png
Filesize501B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon48.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon64.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\messenger-logo.svg
Filesize889B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\index.html
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\main.js
Filesize1.3MB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\manifest.json
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\message-hook.js
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\_locales\en\messages.json
Filesize175B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1
Filesize539B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\bg-wrapper.js
Filesize84B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\css\options.e6e84e00.css
Filesize613B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\gmail128.png
Filesize4KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon128.png
Filesize4KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon16.png
Filesize501B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon32.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon48.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon64.png
Filesize2KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\ymail128.png
Filesize4KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\js\background.js
Filesize168KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\js\chunk-vendors.8d4b78a9.js
Filesize289KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\js\options.00bb6fbd.js
Filesize36KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\manifest.json
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\options.html
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\dnpmpbbfdefapbnfffohgcejpogkbjbp\1.0.4_0\images\icon32.png
Filesize1KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json
Filesize7KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_dnpmpbbfdefapbnfffohgcejpogkbjbp_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize35KB
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize120B
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588f6a.TMP
Filesize48B