hxxps://getwave[.]gg

Analysis

max time kernel
173s
max time network
174s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
27/06/2024, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getwave.gg

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2080	WaveInstaller.exe
4136	WaveWindows.exe
3628	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
2776	node.exe
1376	Bloxstrap.exe

Loads dropped DLL 24 IoCs

pid	Process
4136	WaveWindows.exe
4136	WaveWindows.exe
4136	WaveWindows.exe
4136	WaveWindows.exe
4136	WaveWindows.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
4136	WaveWindows.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\KasperskyLab\Session	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
29	raw.githubusercontent.com
30	raw.githubusercontent.com
31	raw.githubusercontent.com
32	raw.githubusercontent.com
2	raw.githubusercontent.com
22	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639840187120814"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
2876	chrome.exe
2876	chrome.exe
4136	WaveWindows.exe
3628	CefSharp.BrowserSubprocess.exe
3628	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
1236	CefSharp.BrowserSubprocess.exe
4136	WaveWindows.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2776	node.exe
1376	Bloxstrap.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 2684	3080	chrome.exe	80
PID 3080 wrote to memory of 2684	3080	chrome.exe	80
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 3740	3080	chrome.exe	82
PID 3080 wrote to memory of 556	3080	chrome.exe	83
PID 3080 wrote to memory of 556	3080	chrome.exe	83
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84
PID 3080 wrote to memory of 1208	3080	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getwave.gg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde4fcab58,0x7ffde4fcab68,0x7ffde4fcab78
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:2
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4348 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4932 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4060 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4500 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4356 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3040 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5208 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Users\Admin\Downloads\WaveInstaller.exe
  "C:\Users\Admin\Downloads\WaveInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:2080
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:4136
  - - C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\CefSharp\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\CefSharp" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,14472308643580204277,1615697903653314355,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2000 /prefetch:2 --host-process-id=4136
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3628
  - - C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\CefSharp\locales" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\CefSharp" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=2556,i,14472308643580204277,1615697903653314355,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:3 --host-process-id=4136
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1236
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4136
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 --field-trial-handle=1808,i,820909114269975258,885783972938326371,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.Core.dll

Filesize
915KB

MD5
100c32f77e68a2ce962e1a28997567ea

SHA1
a80a1f4019b8d44df6b5833fb0c51b929fa79843

SHA256
c0b9e29b240d8328f2f9a29ca0298ca4d967a926f3174a3442c3730c00d5a926

SHA512
f95530ef439fa5c4e3bc02db249b6a76e9d56849816ead83c9cd9bcd49d3443ccb88651d829165c98a67af40b3ef02b922971114f29c5c735e662ca35c0fb6ed

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
516ff62b2e1f4642caa954c0968719e8

SHA1
e349d0ce82e2109dd0d18416d9cf46e8411b7f15

SHA256
19da58849cec5933860116e60a1e94b08e30d90e0f955768270b47998d612045

SHA512
7aa4a0c87b29c2a84f585a884d8208fc2352a43f2cdb549c100e3b121837ad5f8dadb1101f57d1d3fcb7ebec9d9f22e07dc14239b7d2e2d25793c999becf288b

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\CefSharp.dll

Filesize
272KB

MD5
9ca06a8f9e5f7239ca225ab810274023

SHA1
e1a219f567a7b7d3af9386df51b14c76e769c044

SHA256
5fd00ae3e83e6ca156647ff6df87b49ffc7cad47c23fe3ae07c067c5adf6f74a

SHA512
430c9bceed5439b987d5bd4840cfe32411ca61594f18597aca1948aa39a22c9d70beadf3bb9b1dd0373f81a94a25dcba17fa8e8c73abf06cba28d0971d5614c5

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\chrome_100_percent.pak

Filesize
667KB

MD5
ae195e80859781a20414cf5faa52db06

SHA1
b18ecb5ec141415e3a210880e2b3d37470636485

SHA256
9957802c0792e621f76bbdb1c630fbad519922743b5d193294804164babda552

SHA512
c6fef84615fe20d1760ca496c98629feb4e533556724e9631d4282622748e7601225cf19dfb8351f4b540ae3f83785c1bcea6fe8c246cf70388e527654097c1c

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\chrome_200_percent.pak

Filesize
1.0MB

MD5
1abf6bad0c39d59e541f04162e744224

SHA1
db93c38253338a0b85e431bd4194d9e7bddb22c6

SHA256
01cb663a75f18bb2d0d800640a114f153a34bd8a5f2aa0ed7daa9b32967dc29e

SHA512
945d519221d626421094316f13b818766826b3bedddab0165c041540dddadc93136e32784c0562d26a420cb29479d04d2aa317b8d605cd242e5152bf05af197e

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\chrome_elf.dll

Filesize
1020KB

MD5
7191d97ce7886a1a93a013e90868db96

SHA1
52dd736cb589dd1def87130893d6b9449a6a36e3

SHA256
32f925f833aa59e3f05322549fc3c326ac6fc604358f4efbf94c59d5c08b8dc6

SHA512
38ebb62c34d466935eabb157197c7c364d4345f22aa3b2641b636196ca1aeaa2152ac75d613ff90817cb94825189612ddd12fb96df29469511a46a7d9620e724

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\libEGL.dll

Filesize
359KB

MD5
7dd6b0e4a31d35a0fae5ff425707073c

SHA1
fbd12e9f8e2252c52ce555c2ebbd7f07e62a0140

SHA256
8762d8001fc3ddd90e3129dfea172817e8d09b9936eaae391957de4326c8c906

SHA512
726968df6b83ab5f589276672250d92f532fe2dcea2176e42031a7f1dcecf578b0320cfe2a7d88bb9883ad99387d71c6ebf1e9968272bb5e62850ef09abd2648

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\libGLESv2.dll

Filesize
6.6MB

MD5
8803db5b167fb5a5f8a8c595c4e4d7c6

SHA1
7fde861151f3bea66c65b6c2487a30728048811a

SHA256
52a58d25a41f4bd31cdb4a0d306217862e04ebf7c1925cc85330054a5523d719

SHA512
2fa9a0eda221982896e41eb387b5e156198615ac1a1fbac0acffd13008919368b41a240df416c1fce2e48c20a14cd7af7cca9fba476ada5e64a0cadde84a44b7

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\locales\en-US.pak

Filesize
456KB

MD5
4430b1833d56bc8eb1f7dc82bb7f4bc9

SHA1
dc15e6306625f155683326e859d83f846153c547

SHA256
b44ddcfac9df4934007e6c55a3c7f5e7f14c7e5e29f35c81de917fc3b22aabbc

SHA512
faf93bf371b2a88c1b874a5e2c54e4487fd152ad19c2a406a46f55ae75ecd421a779888c2e4c170857b16bfb5d8744bc1815a4732ed50b064b3cbd0c5ffad889

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\resources.pak

Filesize
8.0MB

MD5
4933d92c99afa246fc59eef010d5c858

SHA1
98d443654e93c73dd317f9f847f71fba3d5b3135

SHA256
62f4674daa15245ee081920b8ee191e72f36ca8fe24f6b986a832f45676915b2

SHA512
a3a69523c8e7310716daeebc06c2ba4fce673eccd1958e824ff179b82f4502d0ec095190179bbb387342e4150f952ea7533182fb6ba90377d17dafba8f4da623

Download Submit
C:\Users\Admin\AppData\Local\CefSharp\vk_swiftshader.dll

Filesize
4.4MB

MD5
0ec149455727ace9acc09b3ba2c3a2b2

SHA1
6eeb990876cef6a34115b67f3190255db589f723

SHA256
e2d8ef53897e864b5b66bc73606681c99461798a9f4c1e13ca5cef7bc774d7fd

SHA512
c8eaa598c9439b1f2375fdac1f58896853510bddbd640707b9142c0d3793836120b28d7c2bd0407f0d5656dd19f14b312f37b7ac0165c9cc8b4c1a0f2af62531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
81f4ee7df3602389556fe7ce1a0aa0f0

SHA1
0616cd89fbc94b2107e303636cf48cab132fa943

SHA256
efd657866b677e104bf9d867e15f35897476cd18db63e0ff151534be68d17cc9

SHA512
80fbf5a4994cd45abd7c4d13ac349346c4f232472b9b89c7d39f23f132b47b9d3fc4eb83908a8d6f306b2e64c1b51384305c04b7ad949ea166f76c6649ee0c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1c362af520c004b3c4bce850c1f06734

SHA1
6d98cd1b5df9342135b76038d4620c65bc5e1000

SHA256
77818438b65c8aee4efe52b7cec60d3301e130ab697d31033d435d90cbcd8db3

SHA512
f1cf4ba98e4cdfd11ae83ef4b67d1cc081670915cd7b8f197779938190e8a15a95865e0a9ecc0f4078ac81c8d0ae633526b3bf5a41ad7779c3f392a6931f9e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de610389bb45a9b2f61fd9ce661cfa36

SHA1
72c969fe8438b3459f7dd77fb06d13c7cc5081ed

SHA256
6b5d9a76eded50f4e109662d236b777e4af78733bf980673545448fd56303af5

SHA512
1520acefc10aa71eb12dbaf0613a7cebe9e552146c1c3eba88027046cfbf6ab05efdc2d0c274ab6ae3274e35306f6b3cc1f13ccf5357f8280aece6e01e147b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d5b657f9aee365dcbc8914849e4941d8

SHA1
6c7057882bd0573e1a21fc2ca2923e80b7f61523

SHA256
ec0608f66739191ba4d0ede6f9b99054950663b5e3c7d0ddef1e53fc660f34b4

SHA512
7aca925ef4c75d732e518a7622eaffdf4a33a8b22f1fe6ca333f2c0257c4696056829beb92732b8d73fd2e73b1c79e17f71a0ead3d3e1b427b4adccb92c1d7e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
832e4ca5bceba91f84b3e3d883d63510

SHA1
404f5a9b478c349eb613d1636a306de83762ec63

SHA256
c63fb7e9cbafa57c590b8e6aa517b7141b2407186bb0f197a0c0511b5219145d

SHA512
698e50bccdbe699289c6afbe57fc74f4a71742a85c67d605fd95aec48783e248e8cb0d92857da669bc22ce030a682748d822d2ea4261195e2a06a184eae29216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f215d4c80bf0318e0a6db722e4c745a9

SHA1
7f61bb6d6ac1fe8d590b50959d74cebc2ee2746c

SHA256
69ffbc82e9d3f4e5f9dbb32c3c915540a1b42ba0c6a23da8657859c01763e031

SHA512
43dda48fefa677209e0f7a9f7ac2a8c3f4929a83ac3ebf1bc7755c6f4af0303281b69964dd30f32321ea61906393f4a8cc96c41d79c134d2f03d69101245bb2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8df774d9fd0e7f085d469556b3cef54

SHA1
f5d7d92a716679aa5c7831d331dbcaaf9bf53c25

SHA256
6ddff5f0386c0dc8382877e2bdc942632f15db3283343fbed7c677ce51340e36

SHA512
ac170f3bed483979497db53b1c70922ad945c21c3dab89e3467667945b5bac773c806ef3ce43fb75e63b05844f846d2adcc82dd7e3303cea151e681463d47cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3195e73a03c27bfd76ed60e93523d7e4

SHA1
40a92028b258f4954dd6f390b0f1da0bb79100ea

SHA256
f9155673a0f199c5582d44611675ef3d9b731ed412894ba19cc0d3f92ad5e60b

SHA512
128f1884b3237fb1c7d5ee56c269858764ef4856a9cd27568878b6c9ab369370f45fd29abe98dc35c1b2d5b709528fd4f5a8796c552af3853897a2e1e21688af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9240be62984b9fa30066ee5247ec3d53

SHA1
7c6a021d37aa2fd8a84e7b69235779e5af4d81e6

SHA256
bbd627aedb19da47a16d1dfd8816a4b501df728be95e85a69fea6cff1fb697d7

SHA512
62e448dadc0125f3f60ab12e8620b9a759b9b6efe8c95a1fffbe762c493afeb249d96c79947337e254e4f5e8a51f185517b7a824160c5a17f354e0ecc33c4718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fb8a93b1b072c8eb6aff877369ce0437

SHA1
da5a1cde9137e8f5c7c35d9156d8e5cb8a265c5a

SHA256
264352a071a68ddf87320bcca8d23827ad81a8204157dfdbb20634bd44813628

SHA512
a690f9363104b340942ae42afd877d45caac748bf040ca4a9f5cc082dc2d6836b256630d12b41a224aac8df51c06338c74378c40a3b3d9ff364ac0bb5245a06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1b2816bbc41acc9301459478edfa8e50

SHA1
ceb56137e8e9288f9ae2c3c0f53fff1ff77916c7

SHA256
e447cc7fcd79e1e1c7101732d8aed2c6b615f3aade779cf96c485c726fe6da32

SHA512
e2dd4ad557c426e0d1a3f5d5567debc23379030510675f513af49869efb7a3dbda76ae1f56741d47482417b96a8e2f10b779add6ddbe0b7e5ddc9b309f88395f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6987dc0ad31c21b47bce95d00f972e7d

SHA1
91c8976d1682275c205605b11847bc78f95c8627

SHA256
5782e6baa52ac52b7b15887e7eb92cca2fc389569747f0415d86b42ebf259eb4

SHA512
a3fe9add8e11d1c5df64b3b6c9b2eea4619fda26a78271b41e7fe677fcb2c9834a9930daacbda0d338d4186769017adf31ed87a9c3fa5a4d2e93d6931a58b3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
dcd75b95749eafcbb07c1207164bd179

SHA1
21c8b353e90b61e0f8bcb955846b010093f1d2d5

SHA256
fb15a4aba492441d69810d53e9c7128619725d7942eed0369996b0306313c8e8

SHA512
ac4a7f706e26e820a02458324583ac6d6d7d96b41861c08cb3115da54fe7f56b13eecc0ded590d2d4908b25c84d1b96ede4efe84ff7106cce4ece2cf54807b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
dbc2a65a33591402e726653b497c62bb

SHA1
6aa4886babdae7bb6b5eac6562443e965a032cca

SHA256
e91c4c514a4f8382a5c119eed88b4da145ffd31c79b4f2b5b8f9aa701463aa57

SHA512
67fd3a8b9d3143f0e9a6f2988c755eca30b6bb4e127c5198a1b9f80daa05f750965c7451c23dec3b92741c88a82a27a2d6cef5300240c252e3cba0eb8bac4efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
e184aad9d19cad409966b9658162b601

SHA1
e5a27bfd862c862ac943c6242f37d0043af470a9

SHA256
eb280a6afeb6b1e745395c0541db91edc59822be8a3a6deff71a3fa10ebd613d

SHA512
f307e1833588c66efa538818bf70cca27166c43f985ea9bd1426bdc2f1f8b6bf10bed647bc8d6836da212514bf6956d775a6af53e59b630d76f8e6f5673456d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
d63411e0c71091743085dc42f588f773

SHA1
ff9d8059085121c6e9e3a9ea49a98f6d1f27a1e0

SHA256
3d3cb11f558d6df05e3a4ba988790dc7868176b0a784706a2c7a53294c605e8b

SHA512
b3d1063e0162b6f87f833a9cb10d683d2dbe614601f5660b8d652f6e1bd970d5042e44be1974d8321f4dade5ad979bb6f2fb90bcad238fc4571a07cf9bab3355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584428.TMP

Filesize
83KB

MD5
0d64e4e65db9a91e776f382f4962c81e

SHA1
12cf0bd6af7cc3f3f56b471331211180acf4bbc0

SHA256
7149beb0e5152cbdc104511e445ad0bd7775300d3087be46b6b7ed019f647531

SHA512
518eac8f6e558f6973ecc2fed5abfced6fc1177f43dbb5f6fdc8aed5d0f76d447d84881003f02c4fe2f76b528f9b2dcd5781d8129157be3f551115b95b5170c7

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
09cba584aa0aae9fc600745567393ef6

SHA1
bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279

SHA256
0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5

SHA512
5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
7.5MB

MD5
cd34bf9c69f229818a4c9301e51435eb

SHA1
bfb95a5dc5d777e2b5940f354da271fed397adb2

SHA256
3b217daf815ced5cf1087d1f408fc3833c9d80a1e3e25b3f9041698b9e34216f

SHA512
2c68b211a4c8c144713cbe99214e8dc33d3ef6c1f244af4a313ff5ab93d946a4281d404b02c5f66ef5652071279649082877eaa728912a0e769c2c848e0a8e6b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 301079.crdownload

Filesize
1.5MB

MD5
b075f4320e46d0d5e78a649e8ee011cc

SHA1
b0dd50171323f0f83dbea0340e9ed8cf44bea38e

SHA256
8581823244a50bbed9709d09f3eba29dd9989681d96bff2b6c19245053069feb

SHA512
e08024b5fa50dc344ca18413a6c21e0f20490c22c90c565d6f663014f1673643da1d5d748e0cefca8a7cbae91a62470289803ad588d3aa5cf3dc6292d7393d47

Download Submit
C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2080-196-0x0000000009310000-0x0000000009348000-memory.dmp

Filesize
224KB

Download
memory/2080-197-0x00000000092E0000-0x00000000092EE000-memory.dmp

Filesize
56KB

Download
memory/2080-183-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/2080-184-0x0000000000030000-0x00000000001C2000-memory.dmp

Filesize
1.6MB

Download
memory/2080-185-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/2080-195-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/2080-482-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/2080-230-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/2080-257-0x000000000A230000-0x000000000A23A000-memory.dmp

Filesize
40KB

Download
memory/2080-256-0x0000000009CA0000-0x0000000009CAA000-memory.dmp

Filesize
40KB

Download
memory/2080-255-0x000000000A3E0000-0x000000000A452000-memory.dmp

Filesize
456KB

Download
memory/2080-253-0x0000000000A70000-0x0000000000A78000-memory.dmp

Filesize
32KB

Download
memory/2080-228-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/2080-229-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/2080-252-0x0000000000CA0000-0x0000000000CC6000-memory.dmp

Filesize
152KB

Download
memory/2080-251-0x000000000A300000-0x000000000A396000-memory.dmp

Filesize
600KB

Download
memory/3628-508-0x00000000004D0000-0x00000000004D8000-memory.dmp

Filesize
32KB

Download
memory/3628-519-0x0000000004F20000-0x0000000004F6A000-memory.dmp

Filesize
296KB

Download
memory/3628-512-0x0000000004D60000-0x0000000004E4A000-memory.dmp

Filesize
936KB

Download
memory/4136-485-0x00000000060B0000-0x0000000006196000-memory.dmp

Filesize
920KB

Download
memory/4136-479-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/4136-481-0x0000000000810000-0x0000000000F9C000-memory.dmp

Filesize
7.5MB

Download
memory/4136-493-0x0000000006420000-0x000000000657B000-memory.dmp

Filesize
1.4MB

Download
memory/4136-614-0x000000000D0B0000-0x000000000D162000-memory.dmp

Filesize
712KB

Download
memory/4136-483-0x0000000003330000-0x000000000337A000-memory.dmp

Filesize
296KB

Download
memory/4136-661-0x000000000D600000-0x000000000D622000-memory.dmp

Filesize
136KB

Download
memory/4136-662-0x000000000EE60000-0x000000000F1B7000-memory.dmp

Filesize
3.3MB

Download
memory/4136-484-0x00000000032E0000-0x0000000003304000-memory.dmp

Filesize
144KB

Download