344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WaveInstaller.exeWaveBootstrapper.exeWaveWindows.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000\Control Panel\International\Geo\Nation	WaveInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-587429654-1855694383-2268796072-1000\Control Panel\International\Geo\Nation	WaveWindows.exe

Executes dropped EXE 3 IoCs

Processes:

WaveBootstrapper.exeWaveWindows.exenode.exe

pid process

1468 WaveBootstrapper.exe
540 WaveWindows.exe
4744 node.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

38 raw.githubusercontent.com
39 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1468	WaveBootstrapper.exe
540	WaveWindows.exe
4744	node.exe

flow	ioc
38	raw.githubusercontent.com
39	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649669564598450"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

WaveWindows.exechrome.exe

pid process

540 WaveWindows.exe
4128 chrome.exe
4128 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4128 chrome.exe
4128 chrome.exe
4128 chrome.exe
4128 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WaveInstaller.exeWaveBootstrapper.exeWaveWindows.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4952	WaveInstaller.exe
Token: SeDebugPrivilege	1468	WaveBootstrapper.exe
Token: SeDebugPrivilege	540	WaveWindows.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

WaveWindows.exechrome.exe

pid	process
540	WaveWindows.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WaveInstaller.exeWaveBootstrapper.exeWaveWindows.exechrome.exe

description	pid	process	target process
PID 4952 wrote to memory of 1468	4952	WaveInstaller.exe	WaveBootstrapper.exe
PID 4952 wrote to memory of 1468	4952	WaveInstaller.exe	WaveBootstrapper.exe
PID 4952 wrote to memory of 1468	4952	WaveInstaller.exe	WaveBootstrapper.exe
PID 1468 wrote to memory of 540	1468	WaveBootstrapper.exe	WaveWindows.exe
PID 1468 wrote to memory of 540	1468	WaveBootstrapper.exe	WaveWindows.exe
PID 1468 wrote to memory of 540	1468	WaveBootstrapper.exe	WaveWindows.exe
PID 540 wrote to memory of 4744	540	WaveWindows.exe	node.exe
PID 540 wrote to memory of 4744	540	WaveWindows.exe	node.exe
PID 4128 wrote to memory of 4516	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 4516	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 3536	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 4444	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 4444	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe
PID 4128 wrote to memory of 2076	4128	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4952

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1468

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:540

C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=540
4⤵
- Executes dropped EXE
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96401ab58,0x7ff96401ab68,0x7ff96401ab78
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:2
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:1
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:1
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:1
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:8
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:8
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:8
2⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5084 --field-trial-handle=1932,i,8256380803094746264,2504438546072288614,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
20de018facc14d8e7902db1135b50daf

SHA1
48eb8d52bb128d9e5e2ae2ab52c3f6e375fed0b6

SHA256
77278c4bcb591aae5cc1e3d88e54901e70369d9eb118c3d3fda1e0c3a14b6d48

SHA512
0ee783b746c01e5dfe6c139865a0351114892e122d8650c03def79a8b2e678a0e63cfc1ea147c3ff324d45aad37c37285940cc9277ce37b6742492a5326c6c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
92c30986759c74734d2ceebc7f6585f5

SHA1
0cd295c330c383ecdd891977d133b1513bb5471b

SHA256
d7b6609cf4440fbf1de9a839fb0cac3424388af8e817852e6ed098a6b838fcf6

SHA512
db20894613719238d0a84284b65e745c7a7e3a8671129c5b788590ebdeb2643b58834396f7c54d599827807bd3511c908337f88e410c0e519d119f7201a565a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ca5b20b73a37fd714f0de072468dd98

SHA1
de7b948784fde6127ae519d1049e769d85d39250

SHA256
95d9e401da7edbe63ea2c5f3cf749c7a11c64abb6adc42c9021bd76b9b4ccdee

SHA512
58b1708ba7309c288f7d337f36ee4f83f8f2233cac76aed9ee1de8a8948cac60aa67fe0994511cf6255c313dd89773992fbab271a4f1dde65a149388230c9012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
201e5d90a461d7907077c0e1e0d16d08

SHA1
71f9370a6913eb76fc10a4c65aa8a92f4c3ccc38

SHA256
9925d7240aeb835904871daec6d79b8bc723ab38613dd479e5d42a7e65c48ebe

SHA512
283f83e085fc34874b9be32d20e5a15fb48592a57d567fcbdd8aa6d68a9471d3eaabbafed7c2642ea8e6ea42f78f6400ed1e71d608f8b9b0ddf161aed48aa694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
3105d66ecd9b06dd6c01d1a3362189fa

SHA1
7a42b14ff78bcc3b7ba66e1b8e82de52841f9ca8

SHA256
ec5d5c094aca263d32b95328e55450c3f31ddc04144121470393333bef46adf2

SHA512
ef809ef9595cf1a1520f9029d6af07f6c77cb04e412aab9d8a60e0a327a13a1cccfd622fec1dda1c4e393ac027003972db9990ff95c7f485028d90978d561a57

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
c0563fdf381a1f1274c8b2729254f19c

SHA1
f053b238515f9b8cc4f763f8bc6bf321f160a499

SHA256
b625a539e7d439938f6864564cbcf00a610e9f29415cde7b1ebac45318cdc371

SHA512
c8abf1aabd44aff41472d2bb595c5a6c5e0c4b5dd9f2809d9ad625431fc6d12b8122bbf394e0cf0e4a71998136791942142d4a461c477981601e3c0dfd513bb5

Download Submit
\??\pipe\crashpad_4128_CSHAVHHGCIQDJVGP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/540-259-0x0000000009990000-0x00000000099C2000-memory.dmp

Filesize
200KB

Download
memory/540-258-0x00000000098C0000-0x0000000009936000-memory.dmp

Filesize
472KB

Download
memory/540-261-0x0000000009BB0000-0x0000000009C26000-memory.dmp

Filesize
472KB

Download
memory/540-252-0x0000000005A30000-0x0000000005AD0000-memory.dmp

Filesize
640KB

Download
memory/540-262-0x000000000A2B0000-0x000000000A2CE000-memory.dmp

Filesize
120KB

Download
memory/540-253-0x00000000057F0000-0x00000000057F8000-memory.dmp

Filesize
32KB

Download
memory/540-251-0x0000000005980000-0x0000000005A32000-memory.dmp

Filesize
712KB

Download
memory/540-250-0x00000000007A0000-0x0000000000FA2000-memory.dmp

Filesize
8.0MB

Download
memory/1468-243-0x00000000091F0000-0x00000000091FA000-memory.dmp

Filesize
40KB

Download
memory/1468-236-0x0000000000570000-0x0000000000662000-memory.dmp

Filesize
968KB

Download
memory/1468-242-0x00000000091C0000-0x00000000091D6000-memory.dmp

Filesize
88KB

Download
memory/1468-241-0x0000000008500000-0x0000000008604000-memory.dmp

Filesize
1.0MB

Download
memory/1468-244-0x0000000009230000-0x0000000009238000-memory.dmp

Filesize
32KB

Download
memory/1468-245-0x0000000009290000-0x00000000092AE000-memory.dmp

Filesize
120KB

Download
memory/1468-237-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/1468-249-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/1468-238-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/4952-19-0x000000000B8A0000-0x000000000B912000-memory.dmp

Filesize
456KB

Download
memory/4952-15-0x000000000B970000-0x000000000BA06000-memory.dmp

Filesize
600KB

Download
memory/4952-21-0x000000000B920000-0x000000000B92A000-memory.dmp

Filesize
40KB

Download
memory/4952-20-0x000000000B910000-0x000000000B91A000-memory.dmp

Filesize
40KB

Download
memory/4952-0-0x0000000074C4E000-0x0000000074C4F000-memory.dmp

Filesize
4KB

Download
memory/4952-17-0x0000000009310000-0x0000000009318000-memory.dmp

Filesize
32KB

Download
memory/4952-16-0x000000000A840000-0x000000000A866000-memory.dmp

Filesize
152KB

Download
memory/4952-240-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/4952-8-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/4952-7-0x0000000074C4E000-0x0000000074C4F000-memory.dmp

Filesize
4KB

Download
memory/4952-6-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/4952-4-0x00000000096C0000-0x00000000096F8000-memory.dmp

Filesize
224KB

Download
memory/4952-5-0x00000000096A0000-0x00000000096AE000-memory.dmp

Filesize
56KB

Download
memory/4952-3-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/4952-2-0x0000000074C40000-0x00000000753F0000-memory.dmp

Filesize
7.7MB

Download
memory/4952-1-0x00000000002B0000-0x0000000000442000-memory.dmp

Filesize
1.6MB

Download