Malware Analysis Report

2024-11-16 13:21

Sample ID 240614-fr1fpazelp
Target Wave Browser.exe
SHA256 4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab
Tags
discovery evasion persistence spyware stealer trojan
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab

Threat Level: Shows suspicious behavior

The file Wave Browser.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence spyware stealer trojan

Reads user/profile data of web browsers

Checks whether UAC is enabled

Downloads MZ/PE file

Adds Run key to start application

Checks computer location settings

Registers COM server for autorun

Checks system information in the registry

Checks installed software on the system

Drops file in Program Files directory

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 05:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 05:07

Reported

2024-06-14 05:08

Platform

win7-20240221-en

Max time kernel

44s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2736 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe C:\Windows\system32\WerFault.exe
PID 2736 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe C:\Windows\system32\WerFault.exe
PID 2736 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe C:\Windows\system32\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe

"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2736 -s 656

Network

N/A

Files

memory/2736-0-0x000007FEF5D73000-0x000007FEF5D74000-memory.dmp

memory/2736-1-0x0000000000DD0000-0x0000000000F0A000-memory.dmp

memory/2736-2-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

memory/2736-3-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 05:07

Reported

2024-06-14 05:08

Platform

win10v2004-20240611-en

Max time kernel

90s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterCore.exe\"" C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterCore.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\swupdaterres_en.dll C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File opened for modification C:\Program Files (x86)\Wavesor\Temp\GUTB4E9.tmp C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterBroker.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psmachine_64.dll C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\swupdater.dll C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterOnDemand.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File created C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psmachine.dll C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
File opened for modification C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterSetup.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe N/A
N/A N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser.dll" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}\LocalServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\LocalServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser.dll" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{30FB944E-9455-49DD-81C6-7542E47AA3E7}\LocalServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\LocalServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\1.3.16.5\\notification_helper.exe" C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{30FB944E-9455-49DD-81C6-7542E47AA3E7}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser.dll" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{9E0CE9B5-C498-40A8-B7F2-B89AF1C56FFF}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\SWUpdater.exe\"" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\1.3.16.5\\notification_helper.exe\"" C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{9E0CE9B5-C498-40A8-B7F2-B89AF1C56FFF}\LocalServer32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628153072182468" C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{97518FC7-7CA2-4921-BC40-F4A07E221C1C}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\NumMethods\ = "4" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\NumMethods\ = "4" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87} C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{6130C56B-9B2C-4D5D-8160-C7A583B5DC3B}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\NumMethods\ = "12" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\NumMethods\ = "4" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\"" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{6130C56B-9B2C-4D5D-8160-C7A583B5DC3B}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\ = "IAppCommandWeb" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WavesorSWUpdater.OnDemandCOMClassUser.1.0 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\NumMethods\ = "11" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA} C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\ = "PSFactoryBuffer" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WaveBrwsHTM.65ZDZT434SRMEY74KLXIAQQQG4\Application\ApplicationIcon = "C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\wavebrowser.exe,0" C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods\ = "8" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\ProgID C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6} C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\NumMethods\ = "8" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{97518FC7-7CA2-4921-BC40-F4A07E221C1C}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{97518FC7-7CA2-4921-BC40-F4A07E221C1C}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602} C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WaveBrwsHTM.65ZDZT434SRMEY74KLXIAQQQG4\shell\open\command C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{2B2AD342-8BBC-40AD-AF1B-6887EAB9D3D0}\InprocHandler32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods\ = "8" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5} C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{6130C56B-9B2C-4D5D-8160-C7A583B5DC3B}\NumMethods C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\ProgID\ = "WavesorSWUpdater.OnDemandCOMClassUser.1.0" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{068FAC78-4F23-4F74-99A0-F7C4797D5ECA}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WavesorSWUpdater.Update3WebUser\CurVer\ = "WavesorSWUpdater.Update3WebUser.1.0" C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WaveBrwsHTM.65ZDZT434SRMEY74KLXIAQQQG4\shell C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE} C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\ProxyStubClsid32 C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF} C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A
N/A N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 684 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe
PID 684 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe
PID 684 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe
PID 880 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe
PID 880 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe
PID 880 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe
PID 4656 wrote to memory of 3732 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 3732 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 3732 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 3732 wrote to memory of 2232 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
PID 3732 wrote to memory of 2232 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
PID 3732 wrote to memory of 2132 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
PID 3732 wrote to memory of 2132 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
PID 3732 wrote to memory of 1528 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
PID 3732 wrote to memory of 1528 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
PID 4656 wrote to memory of 1872 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 1872 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 1872 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 4268 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 4268 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 4656 wrote to memory of 4268 N/A C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
PID 1960 wrote to memory of 1300 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe
PID 1960 wrote to memory of 1300 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe
PID 1960 wrote to memory of 1300 N/A C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe
PID 1300 wrote to memory of 2448 N/A C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 1300 wrote to memory of 2448 N/A C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 2448 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 2448 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 2448 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 2448 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 1544 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 1544 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe
PID 2448 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 2448 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 1100 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 1100 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
PID 3428 wrote to memory of 764 N/A C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe

"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"

C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe

"C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe

"C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver

C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user

C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user

C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswNjlEMEM4Qy1CNzBGLTQ4NEUtOTJDMi1DODhGRUIzRUQwNEJ9IiB1c2VyaWQ9IntiM2RkODA0Zi01NWNiLTRjMmItODcxZC1jZWI4YzliMTcyNWF9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezU1NDVCRkRBLUU0M0QtNEJERS1CQThFLTM1OTAyODhCQjA5NX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{069D0C8C-B70F-484E-92C2-C88FEB3ED04B}"

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding

C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\Install\{287379F0-EE90-494F-B493-0C619B577D85}\WaveInstaller-v1.3.16.5.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp"

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\wavebrowser.packed.7z" --make-chrome-default --installerdata="C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp"

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x274,0x278,0x27c,0x244,0x280,0x7ff7e4aaea10,0x7ff7e4aaea20,0x7ff7e4aaea30

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp" --create-shortcuts=0 --install-level=0

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x274,0x278,0x27c,0x244,0x280,0x7ff7e4aaea10,0x7ff7e4aaea20,0x7ff7e4aaea30

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --prevdefbrowser=6 --install-type=1 --from-installer

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff9ce5748b0,0x7ff9ce5748c0,0x7ff9ce5748d0

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1956 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:2

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2176 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3520 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe

"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswNjlEMEM4Qy1CNzBGLTQ4NEUtOTJDMi1DODhGRUIzRUQwNEJ9IiB1c2VyaWQ9Ins4NjQzNjkzZC1mZmQ0LTRjYmYtYTEzZC00OWVlYWI0ZmU2YjJ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0ie0FCMDBBM0M4LUI2REItNDRFNC05RjIwLTJDMDdDRTdCOTI4RX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE2LjUiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vY2RuLnN3dXBkYXRlci5jb20vYnVpbGQvV2F2ZUJyb3dzZXIvc3RhYmxlL3dpbi8xMTEyMzk3NTc4MjQ1LzY0L1dhdmVJbnN0YWxsZXItdjEuMy4xNi41LmV4ZSIgZG93bmxvYWRlZD0iOTYwMzM3MjAiIHRvdGFsPSI5NjAzMzcyMCIgZG93bmxvYWRfdGltZV9tcz0iNzU3OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjY3MiIgZG93bmxvYWRfdGltZV9tcz0iODI1NyIgZG93bmxvYWRlZD0iOTYwMzM3MjAiIHRvdGFsPSI5NjAzMzcyMCIgaW5zdGFsbF90aW1lX21zPSIxMjY3MyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4612 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4768 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5116 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5236 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5352 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5468 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6252 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6544 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6784 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6940 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7084 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6684 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7328 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7312 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7612 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7752 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7892 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8068 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8256 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8420 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7568 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6552 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6928 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6128 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7412 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8692 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8716 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7460 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9024 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9160 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6000 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7172 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9204 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9248 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9400 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9540 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9388 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9808 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3780 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9952 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10192 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10344 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10488 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10624 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6416 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10904 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11236 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11248 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11196 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11168 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11552 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11712 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11924 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6512 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12204 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=12192 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12528 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=12728 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=12960 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=5940 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9212 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11768 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --strtl=di --start-maximized

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.3.16.5 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ff9ce5748b0,0x7ff9ce5748c0,0x7ff9ce5748d0

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1840 --field-trial-handle=1844,i,10392033419771549850,14762269753951861706,262144 /prefetch:2

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2124 --field-trial-handle=1844,i,10392033419771549850,14762269753951861706,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=4800 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=4860 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5096 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8232 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=5204 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5432 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11996 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=5288 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=4504 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=5068 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6604 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=11508 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6872 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10420 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6820 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9828 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=11092 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7848 --field-trial-handle=1964,i,16408198027484201709,8260394898643255580,262144 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.wavebrowserbase.com udp
US 34.228.96.181:443 api.wavebrowserbase.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 181.96.228.34.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 swupdater.com udp
US 44.195.102.160:443 swupdater.com tcp
US 44.195.102.160:443 swupdater.com tcp
US 8.8.8.8:53 160.102.195.44.in-addr.arpa udp
US 8.8.8.8:53 cdn.swupdater.com udp
IT 3.160.212.98:443 cdn.swupdater.com tcp
US 8.8.8.8:53 98.212.160.3.in-addr.arpa udp
US 8.8.8.8:53 dct.wavebrowserbase.com udp
US 35.169.100.38:443 dct.wavebrowserbase.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 3.165.245.25:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 38.100.169.35.in-addr.arpa udp
US 8.8.8.8:53 223.0.156.108.in-addr.arpa udp
US 8.8.8.8:53 189.163.226.13.in-addr.arpa udp
US 8.8.8.8:53 25.245.165.3.in-addr.arpa udp
US 8.8.8.8:53 dct.wavebrowser.co udp
US 3.89.13.228:443 dct.wavebrowser.co tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 3.165.245.25:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 228.13.89.3.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 extapi.wavebrowserbase.com udp
US 8.8.8.8:53 extapi.wavebrowserbase.com udp
US 8.8.8.8:53 s2.googleusercontent.com udp
US 8.8.8.8:53 s2.googleusercontent.com udp
US 44.213.137.209:443 extapi.wavebrowserbase.com tcp
GB 172.217.16.225:443 s2.googleusercontent.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 api.mywavehome.net udp
US 8.8.8.8:53 api.mywavehome.net udp
US 8.8.8.8:53 api.wavebrowser.net udp
US 8.8.8.8:53 api.wavebrowser.net udp
US 8.8.8.8:53 t1.gstatic.com udp
US 8.8.8.8:53 t1.gstatic.com udp
US 3.89.13.228:443 api.wavebrowser.net tcp
US 35.169.100.38:443 api.wavebrowser.net tcp
GB 216.58.201.100:443 t1.gstatic.com tcp
US 44.195.102.160:443 swupdater.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 209.137.213.44.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 dct.wavebrowser.co udp
US 8.8.8.8:53 dct.wavebrowser.co udp
US 8.8.8.8:53 seed.wavebrowser.co udp
US 8.8.8.8:53 seed.wavebrowser.co udp
US 34.206.63.247:443 dct.wavebrowser.co tcp
US 34.206.63.247:443 dct.wavebrowser.co tcp
US 34.206.63.247:443 dct.wavebrowser.co tcp
US 34.206.63.247:443 dct.wavebrowser.co tcp
US 34.206.63.247:443 dct.wavebrowser.co tcp
US 34.206.63.247:443 dct.wavebrowser.co tcp
US 8.8.8.8:53 ntp2.mywavehome.net udp
US 8.8.8.8:53 ntp2.mywavehome.net udp
IT 13.226.175.102:443 seed.wavebrowser.co tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
IT 13.226.175.103:443 ntp2.mywavehome.net tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
IT 13.226.175.103:443 ntp2.mywavehome.net tcp
US 8.8.8.8:53 t3.gstatic.com udp
US 8.8.8.8:53 t3.gstatic.com udp
GB 142.250.187.196:443 t3.gstatic.com tcp
GB 142.250.187.196:443 t3.gstatic.com tcp
IT 13.226.175.103:443 ntp2.mywavehome.net udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 151.101.65.44:443 cdn.taboola.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 102.175.226.13.in-addr.arpa udp
US 8.8.8.8:53 247.63.206.34.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 103.175.226.13.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 44.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 cdn.mywavehome.net udp
US 8.8.8.8:53 cdn.mywavehome.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 151.101.64.176:443 js.stripe.com tcp
IT 99.86.159.104:443 cdn.mywavehome.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 api.wavebrowserbase.com udp
US 8.8.8.8:53 api.wavebrowserbase.com udp
US 8.8.8.8:53 api.stripe.com udp
US 8.8.8.8:53 api.stripe.com udp
US 34.206.63.247:443 api.wavebrowserbase.com tcp
IE 34.240.123.193:443 api.stripe.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 176.64.101.151.in-addr.arpa udp
US 8.8.8.8:53 104.159.86.99.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 193.123.240.34.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 m.stripe.network udp
IT 108.139.243.114:443 m.stripe.network tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 114.243.139.108.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 54.187.119.242:443 tcp
US 54.187.119.242:443 tcp
US 8.8.4.4:443 dns.google udp
GB 216.58.212.238:443 tcp
US 8.8.8.8:53 242.119.187.54.in-addr.arpa udp
GB 216.58.212.238:443 udp
GB 163.70.147.22:443 udp
US 35.82.1.136:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.151.21:443 udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 136.1.82.35.in-addr.arpa udp
GB 157.240.221.16:443 udp
GB 163.70.147.23:443 udp
GB 163.70.147.35:443 tcp
GB 163.70.147.35:443 tcp
GB 163.70.147.35:443 tcp
GB 163.70.147.35:443 tcp
GB 163.70.147.35:443 tcp
IT 3.160.212.67:443 tcp
GB 163.70.147.23:443 udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 67.212.160.3.in-addr.arpa udp
US 54.187.119.242:443 tcp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 udp
N/A 52.111.227.11:443 tcp

Files

memory/684-0-0x00007FF9D8673000-0x00007FF9D8675000-memory.dmp

memory/684-1-0x0000000000D90000-0x0000000000ECA000-memory.dmp

memory/684-2-0x00007FF9D8670000-0x00007FF9D9131000-memory.dmp

memory/684-3-0x00007FF9D8670000-0x00007FF9D9131000-memory.dmp

memory/684-4-0x00000000207F0000-0x00000000207F8000-memory.dmp

memory/684-5-0x00007FF9D8670000-0x00007FF9D9131000-memory.dmp

memory/684-6-0x0000000020870000-0x00000000208A8000-memory.dmp

memory/684-7-0x0000000020840000-0x000000002084E000-memory.dmp

memory/684-8-0x00007FF9D8670000-0x00007FF9D9131000-memory.dmp

memory/684-9-0x00007FF9D8673000-0x00007FF9D8675000-memory.dmp

memory/684-10-0x00007FF9D8670000-0x00007FF9D9131000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe

MD5 18693249f3a283e83b8179e692ffbba9
SHA1 546c0d89f8c8096d22c6f6be7e843cf5ce08e220
SHA256 3d828bcccc628e7096856337b178da5608a6c3db99383374e6c49d50a1895e64
SHA512 1ab246fea99daf75831f26930d458a05ff0efd5f9c71c9c4396681a065fcf9f5c04af774df34ad55e140b71d41e42254ee2d9dabbb18009800bdfc62170a8c39

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdater.exe

MD5 57428456c6e6c2ea328c864681db5df3
SHA1 2dc7329e0b346c435b6ea5cf44a3d0a076f8d398
SHA256 ee87747102eba8844939352740d0bb6c4a67f10c2656961cb2722cd42ba99f40
SHA512 40fb34fce07f094fdaf78c499a21c3f534f0c8ae1246b6cf382ea7e63fa08b4de56e6c81eb8fadce8a2e508ae5d03831590a06ffda3d46026fb894e4997f31b0

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\swupdater.dll

MD5 d388d67a1861f9d0cc4f6edfa97861b4
SHA1 ca82fdb6ff39fe0b157100d1c8eec48b73c34791
SHA256 b21f99f14b4ccc78c5e01c269a8eba83ae0c5912b46d8c1554f329a1076a7617
SHA512 71879d3dd7b1b0b169e3c80fd88ff6f656778af85462363202c4f28ae57b547ee569e5b43f55d0446cfbed736c32fa249ba91a5c34e8d9363295be86b1d5a3d3

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\swupdaterres_en.dll

MD5 35fd9f0a8fd4a41ebecab887715a3ffd
SHA1 03ce4a819fb75e4c5e756fbe73f8a63b885b0624
SHA256 a535ef96bcbe7f6953fb6d7194540716df495bd7cf25e902dddb6756561189bc
SHA512 e6db60d25de13f5f452fd249ac2f6cddd0958a2830404a2144154ee0e1023cf5cbff3e58831383b14c9950dcf7c4b4b784d15e972b44808f8d02870a44d62d14

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psuser_64.dll

MD5 3d08bfc845a13602e942f839e75be233
SHA1 7c8cbeeffb2139e83214f9e66d01eacae35f5be0
SHA256 2992995fe9fbb5b0ff1da5f081f2aabd32ca276ede41889b4e457e6cbcf21efd
SHA512 7a2d2b1afad039f37fc9f7caa819181e710cf60f1348c129b5af7abce3307db653f69485d6200b947bcb42b4de406441587867ad61b48110407e265817b212fe

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psuser.dll

MD5 71dd0abc865c9d8873e93478707a16d8
SHA1 6cc5c855b93e455c92fc15853a7ac219f62a3b3e
SHA256 a0439f5455ef696b70a230ab76c15f4bc3d7571ad4fbc32fda95247789aa5822
SHA512 9c5cdf72684a6fbf9fc4194f26208a7e5b877be8eaf1f5a334b3691f7cc281c7f134421592a920f4f3a3f45c1287d04a95631411bf2bbb189e137d1d1d143a22

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterOnDemand.exe

MD5 29b0571d015318edb1c292aea8011179
SHA1 e3a8019b41ae73f2aa213c10337bb42783f5b5ed
SHA256 cea433e8fea8dcf1705016545abd150a2891291ae122a776cd66ddb802a17587
SHA512 8ca55fc8e86b0f147ab3b358009b294780030137710e356e405ea3f7d48276e4387e83bc479d72bf068196d6d33c0b5524528b52fd145ba1e8161073aea62951

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterBroker.exe

MD5 558a3fa51457575ea29f9b041729ee8b
SHA1 7196875ce5b68f088e19fe4b7cc07bec29cda038
SHA256 74bd216198ff11f08542473aaa7e5a619b50574e344ba8e8ca2c19ff497bf284
SHA512 a0afc3650879d6df55abe2ca461631bfa53e78376f1a702d42869026caae035982e22df938d48d7dc42d6482237db614a06df067e2d3f89cdb2b915cda9ed5c2

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psmachine_64.dll

MD5 19e105e099b7653cf60ff5783ec59453
SHA1 9d5ad1fba3c03ce4c3841ef41f776b45ca9160d4
SHA256 7e05780afffb2834ec4e2e1d67c9031616c13394ccfeb3a3c678415f19ba1104
SHA512 e065358e22fec9d2d323e7acdcf3c4c81a629f4580e068f9b078cc414f2dc5b53912596cab2cb40d5247a4746acaff2572445596f534940959e0b3e87e43aa13

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\psmachine.dll

MD5 b10f0939bce18ad24102c03769ddab9b
SHA1 99b7cc45792f6ce7e270755e46a39f90d949c583
SHA256 442af0a1a403e17b5e5676cb49973d9e3ae067cfe9efb8b669bf413f7b5a2e1d
SHA512 2f7462160d0adaa84e4996cad27bb43a656d991bd8d8957c9ae3161bef4ceccf1923d27b59fe69a8ace048d9b663196ef44e7a7aeb52e9b93b560e10a3069121

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterComRegisterShell64.exe

MD5 10b82dc9d9a29bc4af224981f0e1c6fe
SHA1 bc33b2eeac62916eb9ee93a3f1ed6a0eb7611187
SHA256 00cd644354032257a39ff710ddd03e9fb98348f5323dec31ca670c903d68274c
SHA512 a3c67a858ce7889506572e2448b5d1e936c6d6ada2a04736b1f6cfe12b9ae46e9ee8c925778cda273db54000854f1ec4a544bcf2255770b978c7c6e9e24a1664

C:\Program Files (x86)\Wavesor\Temp\GUMB4E8.tmp\SWUpdaterCore.exe

MD5 d40bd627bfb2ba39c5452a71a450eabd
SHA1 a0441dc20102fa71225f4f61675537d0549d5353
SHA256 8af504dda28da0896cb0e17273878d285d8cc1f912d304b21a49940fb577a0a5
SHA512 434a8f5154a509bda70ef7af58e0029ba3ad9da0e3803f9975609cae65a1fdc0449d3a8d110a6928e9e621c7ea203ca98d96618c1dde3dee3a8110e806c05499

C:\Users\Admin\AppData\Local\Temp\nsjF500.tmp\setup.exe

MD5 10311774d51e95a45f7a3cdcb18de01b
SHA1 f36e244f6a8dca0ec4c5f8f3cf4aac9194700914
SHA256 a83f3ae723657bf6fe90e39fdb1816f9ca652a310b98d8da22075adedc21071f
SHA512 a41b14e5091f8c27b728ee87842b588eb85384d2e8f3469fb5ec9019385b15b75ef61e56dfa4953670b11d7be6d7b582b86b2283d4cd3f281e827369dabd1e8b

C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp

MD5 d84489371a9426dca0cb2e83daf6bf0b
SHA1 be3e8c9c84d469d2bae344f8c6f8ee484812d6ba
SHA256 5e1cede4ea5c266fd4ecbd3feb9f6b7a518705c7af061caea58b71e4833caf3b
SHA512 50abee7939bfff66986da51b890a80018551f9a91286dd30b3ceebaa6f327bd2e4f66ac5ec6dc9378d001a5a637a69f4f1325d22b19fc0c89c0f573b54fa0f49

C:\Users\Admin\AppData\Local\Temp\guiF26E.tmp

MD5 409d4d2ff56da0cd48952726eff9d1ca
SHA1 016b9d8d6646582da0b292006b624091373b8f12
SHA256 72bb1258cabde5860aaa51e3097052fe13f6b9d541b16623aa31b84e877801c0
SHA512 48814b4f9cc95bec6177735454a5dc5f7106464649eb216e51f04f2411528ed5e8bfa1c8ff489637a25dc7323d5b7e4bf953694d2b864671e7ae71360fd0c7f6

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad\settings.dat

MD5 ec2f9eecca9c664704b43d97620d8a66
SHA1 4a20e7f0f842d572d36cbb7660920430d803ab04
SHA256 6f30d168ee6031268a5fb73a55152a0e7fb8c0c388f1627abb0b6eb5241d9253
SHA512 d2e393542f39d34c7ff125f54378b97dd99f55c16a66b17b796b9f8a899037cba2eff7dc48dddcd52e0b7a360d4ec0264a5ae0b731dd2703afb20d69bc44cda7

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

MD5 7c9abac1daf920c2330f139dee040a8a
SHA1 9dd5c32ab9cd59f5f347e6afbc83c44d9eab3c7e
SHA256 c451206e59d0e62a8f9f0b0d6d475dd47a6610e0463440b8c8a208654f498a31
SHA512 3c52e593f972ea34df600f9b5c6c2311129dd04b90658a46d0402440fc4e26a4ddc61a2b7da0d43f0add327b294ba17aa6962c5987f56f713482ca2423487f5a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk

MD5 9aeb0cddbdfeff87659cda2752b19c57
SHA1 2e149e22963f1cd5881ff915415ec87088ba9e77
SHA256 ba0c6d2d334e031c60be955e22a2520ab04a8732f58400195196508c7ba6aab0
SHA512 77757baf025af269b84bec9d09598b4decc0c93620b4ae9bb86758038e0ea9cb7662ead5e1471eb08951a4728335c49a8107b50381aac75cc3cd519318b6061f

C:\Users\Admin\Wavesor Software\WaveBrowser\1.3.16.5\wavebrowser_elf.dll

MD5 64bf5349bd5740de1041d6bcbed61137
SHA1 6ccda58e1718424d1ffb5fb4845361779b0643fd
SHA256 424201e215f733462764e3291b0a679ec40b41906b6122fcf46ed2f13c4637f8
SHA512 fc4b15029f9a8467f4506eb3ca8c7f9be272459d1bc03e16865d13cc9423bd3d5a78260a0886284e4ade2c84bd9c167722ce06440f54498de84e1a886a0a9d3e

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad\settings.dat

MD5 ad9438588a2193199dc50b82899275d4
SHA1 ecf0c7994f8ff5a616ce32e9816b76dfc77441cd
SHA256 649c936122a975ffc546ae02301642e9014269886cebf25fa6f8f9a70d092ddb
SHA512 a6c2629ac2f70b01bfe5a3149edea1b8b42de66b33b71a54d007b9bf07c31464ad7bdbdeebbed9b39b7f767d6e90cc6e8efb2dcf2fba319109bf4047e65ee8d4

memory/3960-257-0x00007FF9F4A40000-0x00007FF9F4A41000-memory.dmp

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\9f569abb-99ab-411e-ae13-d214876a49e9.tmp

MD5 dbb809c9ed271936f6842f22d0647bd0
SHA1 0276c592bacba0d2a3aacce241b3340c46a13f80
SHA256 b40ed97fedcf048b92224e3c6cac62dd8286732e7a945cdddefc49d8cf5bd398
SHA512 0e7edfcc08cb0969aac0e07461736a85e175ba8652c564924140f70d251dc0a7ab0da26a6d1411ce7070d45d6c7a95d0fa9f93165483cd6d3cd33d5d20d85f22

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/3960-256-0x00007FF9F5270000-0x00007FF9F5271000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4540_855556287\Sync Data\LevelDB\LOG.old

MD5 604cbd5684413a9d7e805170fb26df7f
SHA1 c32a9a141ff2710ec4609f2d97bd3ee6ea20dc21
SHA256 0f47aea5c2b274c9b17ec9423d9852a3a90ad098b1f2996be4e42332b866145d
SHA512 82044e3cbc1402abf889662e9bb1b218b22bc0e9a5edcba9cd8ef092b149f49fd972d62ca2ed9c256f70e90c35edbaa4adf955f2e0d88dfca218fa24679a03a8

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/684-420-0x00007FF9D8670000-0x00007FF9D9131000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\106143bb-97f6-437b-a561-ce5440b19ac1.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\chat_notifier.png

MD5 4eba440d879297b53e81849522de4a12
SHA1 fb2daf0785f98b4d9635aa87a7c7c1363c784bc9
SHA256 5f892c3cc9aa33d8e054e0e4ba234ac3e3747ed765b0be87b6e1817d3cbc5a56
SHA512 b1c670c1bc8fc4675f15449e3517bfac68d07e24902b53ac14c604cc3981976a3a500921c277ea963c774801222a660465a4df426d18925fd77008a29c92b99d

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\background.js

MD5 b16b9e1d4c53cff89988d614c9e06f0a
SHA1 54687c14aa10eb4cb7fa9408bd80315549d0cb1c
SHA256 acf3f0174db217be8b313a4b8c405c54d6504a53515209dccd87d221213e4cc9
SHA512 2e107227fd4cc973d63929ce24344c2d82229c5f1ad877f8f4161510edf89638f88d5a792f45810842d1bdd3a92067d238ed497188f143db1c4c813a5109bf54

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon64.png

MD5 6a24faba74f6ab6282066353ac1b2ee1
SHA1 30c1e8e030feeb4fa79b256df1b74ac9781fe0dd
SHA256 1fdbb30f30aca89656b46743706f68ac6e04560e87cec534549e4c31ede697a5
SHA512 79b80757045a01cb22d93cf6174361344a6902c66387bafaf5ecb05d46675ded72291311a2ee8de54654b031504c75503e2767a30fef9382f02cc0669ee38160

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon32.png

MD5 ca97c6cdc62f2396e375ba03fbdc1a52
SHA1 64805d7a5959d06825ac10c2b8edc4b253e64f57
SHA256 d989185077f43440d4adf982c585964ef3630d875c6d3cb9b82ce5c1735c2cf2
SHA512 504524289fdb1eaef5346c679c6b9ffce0531d9ebde984ce7b6a18777a97bc6a2506e422b71aac78437e35c2ae7dd4ab53766b53c223766ee2cf132dc69e278c

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon16.png

MD5 50e58666f9b75f209d6a972bb251100b
SHA1 2d6724970409c92d3b11e0d5a0e90860b95384d6
SHA256 e5389525ba1c4f04b7d5693429a357a5c6277ae931abd2248a965cf5f8d427e9
SHA512 903a2c6162c8c34077a9d7fc964a8713320347fb08911865a4bb3805d23cfc7a3fabd32e91400ceec88fa87b0417938f367b5355fa9791a6c92e7f069b8e676d

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\icons\icon128.png

MD5 75bf627df24fdc7a83ba01d9d08c4952
SHA1 cb195ef8841d309426549da494dac455c020c02e
SHA256 7e5cfa06a8ee0e6581b54abe90e96bba2cc08f30512c926fae7d8148f53fecb7
SHA512 6996575a4778946ddabf4a9a7461a5a0b5b7af043023ac6d42dd9540cf380d72277849669714586429ab053a89e1cce55d5dbc907c94b78fc41c70859156bfb4

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\messenger-logo.svg

MD5 4fcc5269a37a3d5772612db23bebe777
SHA1 513c73e431b6b4a0e572dcde4453431515f05c7d
SHA256 d4e5cbf1780329e64b2a0555f28d437c7feb3019e4fbec9a11416b0e3c9b7408
SHA512 582c630d2f57e3c79d6767504b88546c187b8cf385240cc22ac21222ed65bf9ad319d7e3bab67aa4a225c058957c9524575277b9e84762c638559e83281b8a4d

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon64.png

MD5 e879b5b5b5aa6a1a5d8c2bcbaea4980c
SHA1 f5c3467392265bdc7efbdb5b763f7e02c0ef9fc0
SHA256 0e53df9f306c6ef1b7166557f16ea8e1a3623e3b9435c4d41b38cd9675ede020
SHA512 f885886bd3ed8f60abd94be9afd4091e5c258a736917383ba2634f4b02f8bf7766091986bb1bdbe29f2d9213b9f7b40c2305bf4e79d973a097d1a3d931e1bab6

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon48.png

MD5 0f118b648f5281260ce531a01cc60433
SHA1 1aa39c1127276ed9416e1e584e1a676a5cbad444
SHA256 562adcf2274dbda895c3af3ae1a76d55cbc848749bc45ce3004f2471a7ed6436
SHA512 191432638562b55f3d76bca6745b4c4f99838079905f76e3835c1be4a0c48c7e092bf52e0cde5702891e5af861ebe03dd064753b0f4a5c98b1cef10d1d7e7ddc

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon128.png

MD5 0bfba0954935e27aa71671f0779f40f4
SHA1 bb265d4944b6c9eacdd10c175f431e72b69923d6
SHA256 f0a2377fad0525feb0254df9cd50fe8070bf415da7657afd559ecdf3e9d8a5a1
SHA512 d975a61db626a79914c3c28bcf24bac6456784ba46115ac51c6f954586317c1da52be8a3a5a23bbacc6c5976d7879fdf37ee0a74c7a4a97624b42c2e5f6cb9d3

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\message-hook.js

MD5 e088a86c8b14038a719ca0c5990b30dc
SHA1 76b5ae33796d26be67b44f5aec02d7ed94e10903
SHA256 87179e85e074330c367b64bea5c1385ab53387deb150696709a974bfd52d6a43
SHA512 16f5f541e6f8194e1da05639d24573ad3046e5d8eee97a03a343d64170ce673e0b479ffb2e1bec5f2607580854eb6fb28415d4d7dff88b7e83d14d1b087a7432

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\manifest.json

MD5 788c1aaa94807e4ea6064bc215a114e3
SHA1 41592d660e066c628df6dc3406fc6f7a62b42e08
SHA256 2d4b2baf75297258071663b7bbfb4f12bf5748349e8c8c617d076c5e3a1f1806
SHA512 be9ebe997f00559b70a0906957989b382e3084c609d9bcb4ae3993cc05c2b0aac355d4d2836858275f28bdc166683baac5d346e05e26d0002dbb194b3f8929ae

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\main.js

MD5 2be0de383183641905ac812e718bde63
SHA1 ab95210aa7c5db31354fb761cc85b2a53f7e0f7c
SHA256 1721f74838edfcc96c81017d19e94e903c5f343b66596f5d9613bc92add67ca2
SHA512 051e82f2192587cfd83dcaeb0cd77f2580c0624a8d3926c7326ba3afc68922ebcb98ba6c4109f4128339b7fef3e8aa96c24e78fe89f7ed8437b3290c455aaf47

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\index.html

MD5 a705c2853ee7104c606695c1dfa30193
SHA1 3b1e4bcef2dc77c98952f5dae211cfa7dfdb776c
SHA256 b08a7e81d0d405202e0a9be7d4370b2d224fc9969c60ae70e3ebe47dc622e805
SHA512 64822c4f19402382ef5e9b771459102fc7b979609028e55ed426b8f22abc35f9d6156cd7a3392dfc6c9c3956257ab4685cf1d62ebb5ccd39c663d22d216bc62b

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\dnpmpbbfdefapbnfffohgcejpogkbjbp\1.0.4_0\images\icon32.png

MD5 93ffbf5247e3685efb761b6df853139e
SHA1 239f8336050b3f167e0992b99763b110c12f4c9b
SHA256 6b8407040b26f8076c2d8cc044c92e33c9c7d3ad6d29f32c5091d81380350f97
SHA512 2efc34903adf059250daa726a74696d39f5aaa94e569e0ecf12a61bab0b5ee497394f0aa889430bb17472a5778c7f7e9a222cbb30386c85c4af544c6e2e09a52

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_1110679144\CRX_INSTALL\images\icon16.png

MD5 36c63692c9fe7b9e3c4d35d27bfea22c
SHA1 82215a6191dc31d30f35d34c609b52f6a3afec15
SHA256 fe35a48804ea6068efff3b2578244922b4485636d24f0f61711bffe7b4c25338
SHA512 cf21010ab67a956eabcaad8f867af62a0bb1130c9fb066bbdca57534ce09c4cfd397d53d7ff5600f5e0aa54b0116aebbbc04b4c417876282adc1ee81ba80ecc9

C:\Users\Admin\AppData\Local\Temp\scoped_dir3428_1375744180\CRX_INSTALL\content-script.js

MD5 ec6c8a879398cf1a9cb49d940f22f312
SHA1 c950d247f78864e7a159e0e6d7deb54c4eacbade
SHA256 dbf6ccdb61c9e9287a12d830a61b3163d943c985a1f5899b2ad00ae8072e1cef
SHA512 69a27d8288900ef30725ffb978cc922b4adb821343598722a96ac1f5f15aa2bf36f5fedfaa54e4f9c130449ee33dcf757596ada2be2c80f9e20755d1acfa7f0f

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\css\options.e6e84e00.css

MD5 d696e922b473abfa555eba5833752121
SHA1 b8112f53a9d92e666c4de5258d2e909d238a2864
SHA256 11db5186be7fb14d46e0e42cb0229831754682ee3cacb8ce2613ae9b6684c4c2
SHA512 66086f99b3deb1766bd8245cec2faff73a27a993a8ed60633d19e7feb2353c56a6c9ad2a5f3dd7a66507d0722d1a433c42a38976198b7ca7cd67ec6973f5334c

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\ymail128.png

MD5 0c60ef8ddf9a2a85653dba05eb30152a
SHA1 b578eb165163f1882b0ce2331413e02c19ff7d55
SHA256 90c24565cca615f4c105adbc869516d104fc4ef4b8e16b687b138ef1e3ff4b52
SHA512 87f15e363fb6f4a279875f86a401827ee07b8ee7583d4b1a762816803c532620153fffdf4364e9b53cc4891b5fe90e11754021e821e1d6ec4a73dcaa0f594dd9

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon64.png

MD5 5250676fce3d9420ccb8d8d9fa8195bb
SHA1 3a9cde2bb48e1439c7f77deeb98ae6d8b92dd2eb
SHA256 d51dabfc17737b69a588a29a215cdc6c9e1442588555b8d4f58eb885b79b3b55
SHA512 1941fd792b635415fae49f0dafed8a6e226b0ebe295fe2865b5fb4451e61f1df72acb4725a7225db1b11b1ad6f54bf6db5455f3e574377a6076d871f3ff97b44

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon48.png

MD5 eca4662bec924a31459dfc29b3584330
SHA1 8aa3eb4a7f8671e014a8897ba79f59823393f59a
SHA256 6643ff55eab8446c16581b4b98ea3688d6f087a747a91382f15c6e740822d172
SHA512 5dc4ae0a32f2ce8c140f75c7e9b8fed414b76ea55c5942d5bf0c1c9d13a3e388ee67d34dff37e32249462413fd280464571ee8c921bef0d9ae630a9cdf900b85

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon32.png

MD5 35384c99cb09faecb98e1e9633c43e1e
SHA1 a150602bd52796f39a2a516fa433fd2a0ea74cc0
SHA256 e5f75e716884ff58c46b29e1d44f016ec85b6ecaabf4ee6abf302e76b935c387
SHA512 acd095bc4ca7d4d7781860fa6c49faf5625f0b2ac3624b85b29aff6bf07e57d8523892c6a4b5acea0b14e34a279831efc4c04123f75296cb29f7b51cd572f8b3

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon16.png

MD5 eaa867a24d9ad853f918a6aec3c20033
SHA1 6cc629b399440b27cba3feecd3c10233b07112b4
SHA256 5de849a40397f1535caa858fc91b7281a806a8a64b05e4e4ed9c572b42b99325
SHA512 a1f5ca680b1df9539d0a29d1c9fb312a4b74bd124baac133ffd2536a08b4e767ea827f43208654800be6a744ec82f3ed3834a53e839ff4cc0a5fde4a4602311f

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\icon128.png

MD5 0af6f1fe3add74f14580e3f1b59996ac
SHA1 6fa6c2294ced9031cddfd415995920fca4da605c
SHA256 4579d09ce9295a8419245c2aca45ee91169e182d5861cd7abc061145c53cdea9
SHA512 8dc2c54c9f387da1f46b1ffb986f698e94769a4e269ed7f4108f0540ebe575e50808a7ff0901a350ab624fde0623ad4161c321593832350f450d9a68fd78c18b

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\icons\gmail128.png

MD5 abc4ccd4708424476971338c85ba3c58
SHA1 0db30888ee3aff9279f5882415a8de0277664934
SHA256 ccdaa6965bb0b82ecefb62919324815cabef742506d77de79e36f7beab3fa573
SHA512 4b8034cf788e726a63a20d43f06764b3acc21ec94ee3c8f7f0fc91102efe54cce7f1be40262c3cc59797a4a2236dd3ac93011f52291cddc680f94db304c843cc

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\js\options.00bb6fbd.js

MD5 a80f6bee855becb1170da53175c84af4
SHA1 78740f3ae6f9708b4c0c8449c84280ffc1b269d5
SHA256 07faf94d6340d2f5ca395c57037b5e98f6277bcbadb72c6091d092508dbbdeff
SHA512 7622930e7cbd2f86b1b71528adc2170a7b7a2c19d143329ddba621093e579386622e108b4f5e47f351c846712436e87176b36c54eaec697ffa67eccc563c78a8

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\js\chunk-vendors.8d4b78a9.js

MD5 5c8bec2413d1a2d5ed3c6f56a349c756
SHA1 539f1a5a0735ef004ab79946cab89649f835c0b8
SHA256 ed951b5d3a0416421fbbb2ce879297b258c169c7c05744fa21506e6547c28402
SHA512 97c52262619a70e2f4b1cf7723952837c4a380a1487cf2f1004bf92e9e253769a804948916dffabf954c7ec02a340c9afb644848179d320401422b2b94dbd4f7

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\js\background.js

MD5 4d658c9546ed50df1daba2028a25aec1
SHA1 3bc39fd3a66e322418f6b36ef95239342c039cf8
SHA256 a0c6c4ba721d577350bcfc10ffa4491f87abc04f2fc7eacf0fb650fde4e8376d
SHA512 cac5c79d90713f6308f850010a38b8c0ea9444ca8d08ea6667fcee14d7bf5c7bb423cabba9f05ee2c9a167393d33696e07118f075f971e7a6ebdb3fda7ea0be5

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\_locales\en\messages.json

MD5 3ae47e124645df64a994f09171695c66
SHA1 32e1f7a89cb14fe2e516f400451f113ae8135c2d
SHA256 c5cea8c6fe04b30d8a5490f0bbddd0b3dc3fa4382dde777105bb3e80d2992dc8
SHA512 bcab9ba96d0ecb78cac7821296c7a6b0f684aa04b09e51a6c52ccbd0a299a87f165ecbbb6e1f2935e7727f7fc710d2431ee346c6ea7606d1cfc1a049c28397c5

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

MD5 91d36bb6f1b9cd523789bef49d18745f
SHA1 2fc34cd560f04d428ef2965dbf15cd730a77ebdd
SHA256 1b0293509d472f044cba12851e475f17067a86586b3d1a96017fe3855416aa4c
SHA512 7a0dfb513878db0ec7f008b9926c7d37fa63afc7d23cf9ef5c3d21eddb92f84b263782a4c9c8b6758c3fb764e159b3fb9e9a3752e086f5421509d09a0ac1ebec

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\options.html

MD5 22f534e02876baa5e6734db9dce8911a
SHA1 d4be3bbf0c8ebd23416a95fd7a2200955affa260
SHA256 c661f2ed61e9cbf0bd28cf19e3fa9ae1c888b72775d0e378a726160a4be40c3f
SHA512 22f06e242acf1a709133c7a4ff4ebe5053d2266fe6b01d0537ee72264b746e02c50e649d4ef380919dc398acc5c21f99a125ca5942c09a045e970b5aaca513e3

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\manifest.json

MD5 b5d0aab89982a7990c677db8b1e50e47
SHA1 1d3db6f2f96a6501ccfe8c854853cecb48b1fc91
SHA256 fa430dc95ee3e43237f36cf6832e75cc0a8cdd472467c61a74e50bcf20b03872
SHA512 ccf05bf42c36a2a15449f99de4eeef21842751058750c27d6768a55d8fbfdb2118934da13669ac2b30641cc730783dab6bcce88bae6b24d3496361ca9bd13637

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3428_489197799\CRX_INSTALL\bg-wrapper.js

MD5 63abc1bee2e752534021d902bf4c8319
SHA1 e77685d175296c90f04bfb586f71df7fc5c1e44a
SHA256 0a48213b9a577ba7d1dad1f28e6d7394d6ec81ddb6a3d240b6fa21071a22243c
SHA512 0f5c3f5e6fb161600ef9d046e387626150ce3acb5e8f1de5b48544fdc4eae2089f7715f2ec0cbd516d4c879b6b78d829a628118e367f6eafbe38f9850ccf0976

C:\Users\Admin\AppData\Local\Temp\scoped_dir3428_992723239\CRX_INSTALL\css\chunk-vendors.67b6e527.css

MD5 a37b786ba2d74b8006c5cc08dc1dc140
SHA1 f056cf24b9a35c5072175dd94362dde6a75d3bce
SHA256 2b6e7fa075a7c50adac2642622b0b4e48b375ba62d10a7d69cd83d2ff27b7194
SHA512 294ef89dae57fc4bb413d47b6e2db2397e27d244417e93b35141b106f403e41e776babb8c0fd9084d4637c0a490e2647936b163012b90f5df5a63d17025ec943

C:\Users\Admin\AppData\Local\Temp\scoped_dir3428_992723239\CRX_INSTALL\rules.json

MD5 e89a86961cc6a5125dbd885e8f8bad5b
SHA1 a2849b637bcec9dd3460b262c7869d8075438096
SHA256 8b8dca5d206ffcfddfabdf3c0c90f97da2bc8c993675ce616891745413ac93a7
SHA512 9b2a87e5eb5ae4c399e8fc43acab07cb73bd3d9762e418b6b3b6e777d2d047f49c422ea9d1dab2b6da885c945b680d0d703f1e0b2e3dbf24d06b5d28bdfecb37

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json

MD5 a192304f63ef26c80086f835cc4b7ada
SHA1 6963e90e752209132b728a938844c4c64dc94d43
SHA256 4f72309f9378f04b3f1cb8f46b031ff513ac63e5056d96272f2bdc6d39dcddf9
SHA512 be619909cd0c3465966a4018847310c1493bfdecad6f07bb28293f3dcea73dc377f5d52cca040d626368e17828eae28384fe51d20c4a71925c5f31eea8e18561

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_dnpmpbbfdefapbnfffohgcejpogkbjbp_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

MD5 0e76b4535c4604d8810596a30f8ff3cc
SHA1 02d56c884a2ae3b5117a311e18664c415476ccd2
SHA256 9be88f0155a6f98ca74e53440a406daede09f9c34c8eee2386af55355e708e5f
SHA512 1c8981bb249b34ea75987819d5b4af5ba5b3166d2b8fe2f81d350e0b6b9e2814b5055683d05b1987107f694c31fe1956a529657465e3a3b7c3b90ec5b6a88f92

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State~RFe584987.TMP

MD5 a800d6ce2102409fc42b48e0788b1455
SHA1 e23565a551938cccff23eb940a934970a8bc9d46
SHA256 f17a7b1c10784ca2aa63a64a56510d3b581174be2661532aa823357170e7aa8a
SHA512 cc47e23680e36295be99c8acafee3b93e738bc642f7d55a565175793d70755575b25de0c860011d05d1a439c1b449601ac90081ff85645ee2d011b9a2f539267

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences~RFe5849d5.TMP

MD5 2cf944a886d0b01f8436ba10a2418e80
SHA1 f9a9840615ca21835790bc092459410103ddfca8
SHA256 582404a96c57df32ad2a42b1a62f277e5f053f2960018cb36df7b02f45da2401
SHA512 7ac37ada83ae1a7a6744f0576abb09ef82ed75e7ae3cc75aec665808c3f879aa7255df45081461eee66acc84b476c28a735fa9bf5885802b5c4722dd45e6b8fa

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\f61201f9-9f85-4356-8c1d-9857ade995b1.tmp

MD5 9e3b0e04bec5b5b93cfa5798c91cf71c
SHA1 c2dc71c786620c1784afdee7c72ac3c03d9d13fb
SHA256 3cc5ae58fce3521088991999b410bb5e459b8c1c0c017ff091c67d82f342047d
SHA512 7a68a8524aba2339e2f723f5584bf290e0c9992b700d8a72d58b4ad5d4a0858543f31c20dd31179088d33bd0c7acc41ddd1113dd057adeca2d3c2ea39d05aa0a

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

MD5 11654d26e697f667cc8972f465c3c00d
SHA1 05f68caeccbe87da1e74b27882e8a53008d5e450
SHA256 559610dba9baa9dacec156852fa6fc514bf3e9e06f8328efd98677f8c44eac1c
SHA512 fe4a44d5f017842d83f199054e4717c038f56bf46ed80f00dae4bcdeded806ccb26a85290fb10d8d926e3c856481af5d44eaa6970b5de80c7cd5d47b01dd4bd8

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

MD5 f985d6aa96511249644eaf0827e596e2
SHA1 94beb29541e96b8748888c9f5fa60401aa345ee6
SHA256 2564ea54007f5a0d8ae955b56f8f42f42856fd40fb2f23e51fe017a852cb3c33
SHA512 4862ea2980b8694c2e2601674e26a8a34ed19328c97a26203d33bcc58a99eaad76fca14e5d97b74199112d764871e34ccd8478046e93b419a7ab9d58680ca931

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\4e398e06-7c5a-4c66-a85e-616da4202863.tmp

MD5 aa9556307d27a6cf8bc23f67b443ce30
SHA1 0f6781ab92c1f047b97290e96c330160f27b097b
SHA256 ca04e93752beea5d5aafd022aef0fb830bf99349ef8977570de84ea3d8e967fc
SHA512 f7c33e6092e371e8e033150e3c0282d437fa54596399c96505ad03772c588c9b26a453b8a0f63c7a7f4124ca383bfafb87f22d40dd62bd1e03b4de1ffe2c30eb

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\64f72c16-3cf1-4c63-a66d-0e5858c1b5af.tmp

MD5 79e7d4bf99bb074aed764d92893a2de9
SHA1 405f10f8bd76c0710db6d7183fe4b23cd4dc4b8c
SHA256 836234e9ecadd61c64c2e4e1dd9ff23999ddad56e08a14fe9c383bc200a8af32
SHA512 7255d83a063dd6379a81eff342fdac9ff4df992c7e7fe5d92b1df586098ec3e02c7f4b287aaae8175a9c7b87f1652c2907eebc00af2ed7fdcaf00552ce219827

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 db4e38bd8a1f7b90ae70629ad99e30cc
SHA1 174f749345bf3fd59a151c8c37aa314358fa5068
SHA256 7fd1b31f221e4cf526fbd7da58665ea3f0cd7e7802c2d460f1a7c0c60152f062
SHA512 ceafd0c27cdf36c2632ede56d16e1ec99e68f582a89424263311199a9fed94ba8c8b8d2a1a5cb0a3b8a8757974e661f7422b60efddbc4496f8cef178edc68870

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

MD5 668c68ac1f2f8381e9d3f909ea399d54
SHA1 ae11b8e771600c4d7cf6290711c938834d1a9699
SHA256 66d4c941b39ff403dfed15acf0369324e4a30fb157a44bde92ac67fe71dedea1
SHA512 d6b61874c14a50a671d9166883ca7f99ece6b577eef5ca52a01d114cc4708491f96b90a755d4590558532fbf71c5558473d44c6f499099d4f62df3c9b0418495

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity~RFe588855.TMP

MD5 ef948ed16f041e0f14770c96424889ac
SHA1 5a5a996f83982a70caf998cc0d6da82c1fe13e8e
SHA256 7460c6180133f8790c1160326078f2a73920d29284d2f638d9b12fdff3240b6c
SHA512 c49566cb3748acfffab6eff977e7cbef335ca6634035c56e26af8473b341f9456732d439a723e1d554507374021d0b59f6701746c77120feaf18a5b4926e75d5

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ee92ab1e488dbc2718ce67f9f4579625
SHA1 71b6b4e004c094ffcabd373eee127e031bcd081c
SHA256 eec664a5cfc61a3917617f8435fddf4f92253ab154823f2904bd206327d64aa9
SHA512 85c0f44b9fb6e445d53682292947216d5f9555ff89a84625d5557e962b6c289576fb5af7f4e6100eaf59e1d7322a047401686502b28e9e745c66fde96dc7eb00

C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588f6a.TMP

MD5 502d01b362c29551a2c687df3f09efbf
SHA1 7179f618ff3f91c92b411597cbe4c4251010b299
SHA256 dc7cb184cce679192c85e2c1430d2c504869d5c3371162d0266f9f01c1f793b8
SHA512 eb2b46087af8c47c97b1aa1925b2793898e5873ac47733c94314d731fa3c77d63b7bc2517409fa4b1ae060c397afac08c4cafb92ca6e1abc3d9e3c489cf9280d