hxxp://getwave[.]gg

Analysis

max time kernel
248s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://getwave.gg

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	WaveInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe

Executes dropped EXE 5 IoCs

pid	Process
3988	WaveInstaller.exe
3576	WaveBootstrapper.exe
2652	WaveWindows.exe
4480	node.exe
2868	Bloxstrap.exe

Loads dropped DLL 2 IoCs

pid	Process
3576	WaveBootstrapper.exe
2652	WaveWindows.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
164	raw.githubusercontent.com
165	raw.githubusercontent.com
166	raw.githubusercontent.com
147	raw.githubusercontent.com
148	raw.githubusercontent.com
163	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653702238054092"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2412	msedge.exe
2412	msedge.exe
4736	msedge.exe
4736	msedge.exe
1832	identity_helper.exe
1832	identity_helper.exe
2592	chrome.exe
2592	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2652	WaveWindows.exe
2652	WaveWindows.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3996	4736	msedge.exe	85
PID 4736 wrote to memory of 3996	4736	msedge.exe	85
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 4184	4736	msedge.exe	86
PID 4736 wrote to memory of 2412	4736	msedge.exe	87
PID 4736 wrote to memory of 2412	4736	msedge.exe	87
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88
PID 4736 wrote to memory of 3488	4736	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getwave.gg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb83346f8,0x7ffbb8334708,0x7ffbb8334718
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2040,13395413630633680331,15875319098806171237,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:2892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffbb7b5cc40,0x7ffbb7b5cc4c,0x7ffbb7b5cc58
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2116,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4588,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4540,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3688,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5304,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5324,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5616,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5632,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5184,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5416,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5284,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5412,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5860,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:984
- C:\Users\Admin\Downloads\WaveInstaller.exe
  "C:\Users\Admin\Downloads\WaveInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3988
- - C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3576
  - - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
      "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      Suspicious behavior: EnumeratesProcesses
      PID:2652
    - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=2652
        5⤵
        Executes dropped EXE
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
        
        "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1148,i,10003653075862815721,1368266197056986051,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2392

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
2.3MB

MD5
8ad8b6593c91d7960dad476d6d4af34f

SHA1
0a95f110c8264cde7768a3fd76db5687fda830ea

SHA256
43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

SHA512
09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
66848e00f0659bc9d73c75acb231fdcd

SHA1
d5ffa0dcb7da87152689b6c1d4b59ba0de2fa59c

SHA256
19a714d0c3f80bc4f355088561234318ce3ed4de9b84df071c5ff86cc93dacca

SHA512
07d85935f43cf7e206c4e6626c522fc49f060f62ce23844963fba46643e92e2f0a3d74007bd511bd4f0f23f1a83aede5dcd85b643a358002095773c45c898b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
77055bfad9eb7614983e373a2766eb7c

SHA1
dc11378a8960ae9e01574e90dcc6cb19a0205757

SHA256
069f7896043b672493db6abed4b8eb260c5619c3b8d0566c25a375fb538c8cec

SHA512
cb048bb39567edae935784338e34620c205a6927f8c2512f18fadde8b407d17df8a3581910d377a8bf20003b7da1584a9bbe18728de566f187a238515392bef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ca5d0700be80109d5c2de10c99ad5cba

SHA1
89920f9908edc2859d449826e37081b93a61c0a1

SHA256
35ad8c564fff3072853f48cde90a579a1fc0a3e0b9331cd2c4fa341fcab5c2f3

SHA512
be6e788ce24ba4ed4d6364e0a4dbe66681a441bec2235e185c1416ecee9bd589ece0848be7cc1053f7bdb39316c596f6ae102b21b50c50a4ef202e04532e4ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2714e852d6ac5259c75c1a03305e37cf

SHA1
740093fe053220ecb57a977fa6db79b724978351

SHA256
7b7c25b032cbf8f97dbc29604a0025fcf85d09ee890ba1b0a39738f3231709d2

SHA512
e9278e871c72296434521d2fc4877fd9c1c4ef7972dd6404cf31d2fdcae8178c3128dbb177fc9a7d93cfc714183d3bc195a4689738146d9f5816d5aa709e9050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d984016b7fb8a124cea9196c8ca85be3

SHA1
ff2d92335355646210ca64f64f4f6dae013462ed

SHA256
9cc791b4e157a27646edfc3fa78ca0894d30964221fd9976a0abcd25dc1262c6

SHA512
507f8310006c5a2939e4197810e9e578ec514c85b65398197f65d38e8159725b4eac97d94f576354b5f7fd5e25b42341606d00dbf232c18e177414de26a9a079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2fcf398cbdbc31fe38ff409d1bfa56fc

SHA1
d5318169a84962ebb27fc87de1cfce23ff1a8d62

SHA256
ad163b44f1e317d540e82cf8bb48727dd2a966908c5244f3a7ac8c71fa961848

SHA512
aae3242ade3bc5a8f57598e411a151f7f3e5ff3472ed24ec5ce44e492bd2a87d347462cbf6f34375afde95970f16d439d1192f13b8cfc64cdfd56b3fc4ff97ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45b88bce0f0cb09759e60e61da695e2f

SHA1
77f12c5270546a9bb3253087a93439e036e5a58e

SHA256
87ddec4eb9b61dcdb03007c56b2e2e3212b4c89baae856e8c480347032a78e2f

SHA512
4f8fd383984efd9918f34e8e010eaf466e4e5ee8b800db11be4e83106b76ef17c52da70843fadc6c2d6c840027b7e51450e0f01a297f5d98c82af163577ab631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a47e02fff3b15084c11cd440a0926d0d

SHA1
a92c0b1cc63a074bc87ab846491702fde5f1ce00

SHA256
2aa8be5e8282528bfdfdd4e14c938b0723e4048518ff935fd832a8185f32ce2f

SHA512
c5280c5861dcbb305cffd5459d7fe3fbc09d94efc3640e8f07ea4bd237a322e6fd7aca3d689e3f1e3f0500e84d0496815f1d86decce0eae3e461b902a413a6cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f1104952b98e708c3b0fd57f223fb9e

SHA1
a6e42f9432cfd33d494c360ba4150e8a6324e6e7

SHA256
fbd33a838d34d73d9d504190f7dd6c20c9712fd4bf8e6d2689caa626572f380a

SHA512
dc4e02ba5a7427613bf98ffba10b281eaf78f896ac66f0b38d734132718e85999f620ea701b3ebea58c3c252aa8bf2622ca32e50be08d56adee58921487a8829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f9d3d97b54bd023b97b146317acf2aca

SHA1
1d138a668b5cf8469846967816af14f920d2a205

SHA256
f8fdb996f0656a52225e14dfb683dd62e72764985c47729896ebced9bb01fb20

SHA512
aed8a6ddf0c90d526b357eb983692921b1ed8d7a21cf8974a4f88ec1b55c6e25bad5e226da2735b7a4026370126648964c21b2dd117100af98ecb1881f8d7a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84277a267fb3e7928243574787472d77

SHA1
a513e620874da3ba0e0e52f37023d6e97067c990

SHA256
6055533761c63fa26ff6484b7e616374c83bc4249ddc44d329523fbd69ca9e3b

SHA512
1ef6dc9eab570dede8b0f52979ad5a4517aedaf7c03d34fe4403dba8c05c1d63743e60be9e4fd5951c0c3de9db790bb2c3d1fd08417e3b65cf9a4190ecdd2140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e992b9e2a1dd62f90106d2d20e1a9e96

SHA1
08e535f3b8e988914a07bf2571cce4392bb0dab9

SHA256
5fc414eb076ba7e6430bd90c580ec6d291fcc3c49e5da8b30ca86407cd73510d

SHA512
c7470bed698059be19ff3150c73470908f48dd9ca9d8f9de2f337be79ccd1f5ae514c9b80eeef05ae871cc3415e6a30fdc9d7cf1a8129c97b0dd10c3ef965762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
45b2dae722c7c5a8a539b68959050d58

SHA1
2e2f94ee001bdcda24afb1defd09e64375938860

SHA256
1926dd24774b5bfd138d78894bfcf37b9654235dee92861aeb0d242f4a040058

SHA512
00145fe8a79f9cb9540cc103f86ab30d524bdd1c062ca849264de44035ac9b3f13881ee08f530066cfc6004d927c26a22d50bf4829d561194859b5a2c61fe510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6039381f14aa18d943a7324f04e052e0

SHA1
44a3e0f617cd22d8f2111ab70814160d8aea6d2d

SHA256
5a38930e3bec636996b8903f7e079e15ff2314cfdf9b0ce6054e60ca9ff30479

SHA512
dc91f660159ee77682a0a0741a2fa351ff2069f510c4d8926364192de9b6bed33c11a0e822dbc183fef0035af959d854ca37373d683cfe11ef0e0d1afe989947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
725873a3a2cf5f692d89cceb5b843afb

SHA1
a069b40eaa9d12c681e1b24ec4c207791c020a70

SHA256
ad95d717e5df73120d74f1a5a433ade0060dbb32503becdbed3ff692d52df6d4

SHA512
349527faf83aae92f1f8180f3187654c15d9ca87a8cee1d068a09d542956d431de215a3cf5f86c026d7c48be7d982983eacb2c3a9bf10a6f8a2e1725fdb204c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9077fd2895defdf84352c3c6d46d891

SHA1
c34316308bf61a9f9b22e7f4c14010cf520a3eae

SHA256
8ef1e13e61d9f3ab99821607563070ccdbc88e2e53b3fb8b6d72967b4ad5aaab

SHA512
604044958c303a1e63fb177fea73a08b0f2cc32b59a2f6dbbee1cdf452133dc52653bffe966628ab6dead874d41e4984db8ec75e9e5e39df2f0d3fc106b4a20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17fb099acb453f992bc7acf91bf204f1

SHA1
c2e89e844f07fc03f1a89c390347a3d749422d75

SHA256
f55d9b39469f149c8896d17400c814214400e4b50a492ff6f31eded59009769d

SHA512
58b629285b0d067ef94437ffd365d9566518ca9e4a9f4b2d3bdb500139f17364fc406b8713f85b14313eb6b92e6e16281f63cc8952225ebd10b3a0d169877e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c166ce2bcfa87273e9cb94ebfb71528

SHA1
878ff1a4362248b3b52e776704f8cc9e9baaafd4

SHA256
75832bfbf023bddc865367347784c4bd20883b1217c75165118947d6d2fa562b

SHA512
97d203517012992e78c4d93ebd4f19df41cdae6b540165c5f8cfe32a7cd5971738248c44de200a4852dd643770152e3bc73671759afed1e4ed78ca8df9012516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a63c7f34a20c99fc97fca471cd4b01c9

SHA1
1fe8067f360b0818ea9dd2359036e8189b7d428d

SHA256
cba176226f246ece2ed58bf2786f5c193007348137290ff87dfd1cd4b8150f6d

SHA512
d6d98e162f00b53cb4d85cd2e77b8909bf21d19815f691fd0c2f5947085b31954a18ac9c84e68df5409740260f435f5837c7f62468414a8ac756e55ff6257144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
94c2cf4579fe1f73f9dd0502f056491f

SHA1
9c938c339d466022f55a3f3af0c05047b5d132f3

SHA256
ac9c480c96b981ae9b2d38948cd385117b8c4f129a7b1cef2ca2db8d27330155

SHA512
17bcc3a262911ebd81c4bf0f6cf1d7b14e2d9389663410dfaa514b8de8a62d202e8b35efa6807419eb34803ac335dd8489a698ec8b01e6c356b5f8a0f3d1e2c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
9cc1a2fdccc1077e47ce541acfd62975

SHA1
6c7d06b90fdaf9e5e31661288d99ff247a7922c7

SHA256
2b13b236bc21d8c71fee688cfbfb4e3a3ed835b6dd875592ff59bfa5a695fb33

SHA512
49fc1063b980a244b21ebdfa2f9b7bab66b6222e8d6a9ba137008b7fcce38a2c0c89c967413c1790be9c074ef41de30f10e55834914e26b62ca6116cdbb22ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
c125cacc38adc136e73e35b25c57308e

SHA1
5dbe7b72a11ddbc2ed244b8a0e08138491714c73

SHA256
6e3f7e63ce9aec060d59967e433b64037a4ce67b6e36c8fdc8b6ea7a76a097fa

SHA512
a0e4b4fed82e4f1e862c8cb089fb2e0cdabede056391ccd6f8db07a8c1c6408884647f3ac4f12a4cdf5dff4d60a3ec17e1433edc152acbd22d58f2cfdbfa7947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
2b273c424d58adee71ebba8db6d4737b

SHA1
2060737b51396df0edda50d6b21677f360961a8e

SHA256
a3f852a85403738a2a8ca01490eaae586e8e1b0e93deadce95d821a76454477f

SHA512
df3919107c8e55f2ece0de0488bf73d1bd381194da000291e47a61187ed806d372d33c3d402446399b6f2803f9f252b5207d6a4a6063eb8b6f40d5e34b9c5bdc

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e5b2af150e3312cb288f0075a7d4a50a

SHA1
ff7ddd0ea3262af19ebc82984a905b808e9554cc

SHA256
71cf49fe863c143049b25916e3af60fd32463edd63ecefb72f748eec81fdaf47

SHA512
35f972ef7d64114450b53bd77caa1cba9e75c012505dfa180e59e2b0bac385c5f87a3c05a6057c346da9d7ae4a83b6dccdc1b6b2bb561d554e119cefb2edb015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d2e3b35af3249784e01654b9d97f75e2

SHA1
92a32b52766cd9e644b83b47a9e32d076229a977

SHA256
939c21519a6652c5a7033be5a0d85fc68db861cbb1c07d450ca109007f611ccd

SHA512
4b443ff26a0a2da00c552e148cd59aa22e99f5cba734589661d50471036f67b434a66359b76a676c5e7311236710993ad0c3ca268cde0d8a55e5a05388f5dc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
712a0d86162d72f76b9c00eaf86ac7e3

SHA1
ce5ca60b45cc9552479dc4b0dee5ef49598fafa0

SHA256
3b3d8d7736e972f28ef764c89ab110cefa7c71c8725f325447cdb1c3ef1a3b72

SHA512
4d39503b574371018c33de110cd9d54d86de8c518bb00b4cca8add048e6a20d365e4557ac91b0244b4de409702e52dc68be8346e27e8329389bb130498ed4ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5483fd529579c6b95ea72d8a0ac3d10c

SHA1
2e4862fafbd16b27776c98d7169fc6b1a4d1b839

SHA256
055b13f35155717cf7ad69a12c347fd7ba8b4140b69f5a52b2ee47245a429169

SHA512
a564144402b3629f88f26ca722dbbfcaefa7448f4fd318c3c190a43354f9db345709518ede2052fe741ec36047aafcc643171da4efe82cd36d78c549725f39b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0feb333b99b2af7d3b564b5f48798119

SHA1
116ec323440963f797025960e33f546e53ee2879

SHA256
196e96ab64ab9f6252ea7c50f0043be9c84e4f3b91d61e95648847f478adf1b8

SHA512
951840ad2b6cb19f426b942426fffae20914852c43e719a780db5ec621cd61d13c48650c31f6ff93ba5ed2ef65a2d4818d2c4fe5c3707c9762f3f047249a865b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af0bd1bd74784428a225216a8ab60e46

SHA1
20152dd2bbc773a8e1085ece376e12b30e4b13df

SHA256
6088cd68f8e7a6b637001ce97c46b956e31794b132b728156372834cedb509cb

SHA512
76d2328cb2de0858dc84872327f4719efa9367fb8a81be14db3fb536f4f066f7b33d5635f0d8e5c776fdaa338bc5ce7a985bc93bd350ceee4527f2e3170cc882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50cb7fcf478c49b0c805580e55c97927

SHA1
8cba354dae8763a7a0d27abd09166c95fafdc290

SHA256
171830b38a897ac35f8490e10e479f7c0eb59a845b1277b1f8bf0ca29717d18e

SHA512
bf91efd7f2c6724a9f92a70ca7782490b3d4a697a3f9d4e87a6382797f3b6df3c318a6b453edfc48370b068f35ea242032320f722f2487329aa22b107bd76492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63203ad703e12498677e8377f1d7e325

SHA1
afcfde546b6a62f3486c9d1cab33a0e6e72fd418

SHA256
a552ffd7d4fa6006100b2b456dce45468e620951443b96fa11049e588955aa72

SHA512
bcc4dc64e4b9507f009a0338eef9a6ef48701a3a827c5dfd7f111664473a13bcb7b9a1565c926b7e6a54657838806c3bbf0a4c8698aaaf56128f61748e47fbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2d40c1ca1de8b220a66db60da5deb847

SHA1
566abf234f475e3732bdb36e742225b504aea90b

SHA256
4d1beaa7cd12d132929d3f88725b624b575bc0edbb1e8c28dd245da3fea7fde7

SHA512
6dfe848a3f32c6e45d50ee456afc138aa6460d2d9869ed49096d42af33a134271c7910772eede5ba86649f8047eda5d558f9fc88b3650cca393fbe1bfd77a594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03472be0be0d73617d851fd986849bdb

SHA1
df6c96700c1701802ec8e265892b6febfb1c11c5

SHA256
9364963c7ef1b4fcb7ba86e6bd4530f2f34f295211ea01db53492ff17d0857e7

SHA512
5bf5c31e3fdf72b67a44088dc8346fe86d44f223c088b41a3c42e45579b4d2f630c4ed88f41e38576706b55da9469bd5485663fd0164578c6de59e5b6e5734d8

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
memory/2652-975-0x0000000000A30000-0x0000000001232000-memory.dmp

Filesize
8.0MB

Download
memory/2652-976-0x0000000005C20000-0x0000000005CC0000-memory.dmp

Filesize
640KB

Download
memory/2652-981-0x000000000A430000-0x000000000A4E2000-memory.dmp

Filesize
712KB

Download
memory/2652-987-0x000000000B9C0000-0x000000000B9E2000-memory.dmp

Filesize
136KB

Download
memory/2652-988-0x000000000BD70000-0x000000000C0C4000-memory.dmp

Filesize
3.3MB

Download
memory/3576-968-0x0000000009700000-0x000000000970A000-memory.dmp

Filesize
40KB

Download
memory/3576-969-0x00000000097A0000-0x00000000097BE000-memory.dmp

Filesize
120KB

Download
memory/3576-964-0x0000000000210000-0x0000000000302000-memory.dmp

Filesize
968KB

Download
memory/3576-966-0x0000000008990000-0x0000000008A94000-memory.dmp

Filesize
1.0MB

Download
memory/3576-967-0x00000000096C0000-0x00000000096D6000-memory.dmp

Filesize
88KB

Download
memory/3988-649-0x0000000000A00000-0x0000000000C4A000-memory.dmp

Filesize
2.3MB

Download
memory/3988-723-0x000000000BE80000-0x000000000BE8A000-memory.dmp

Filesize
40KB

Download
memory/3988-722-0x000000000BBB0000-0x000000000BBBA000-memory.dmp

Filesize
40KB

Download
memory/3988-721-0x000000000CB50000-0x000000000CBC2000-memory.dmp

Filesize
456KB

Download
memory/3988-719-0x000000000B680000-0x000000000B688000-memory.dmp

Filesize
32KB

Download
memory/3988-718-0x000000000BD90000-0x000000000BDB6000-memory.dmp

Filesize
152KB

Download
memory/3988-717-0x000000000BCF0000-0x000000000BD86000-memory.dmp

Filesize
600KB

Download
memory/3988-655-0x000000000A340000-0x000000000A34E000-memory.dmp

Filesize
56KB

Download
memory/3988-654-0x000000000A380000-0x000000000A3B8000-memory.dmp

Filesize
224KB

Download
memory/3988-653-0x0000000005850000-0x0000000005858000-memory.dmp

Filesize
32KB

Download
memory/3988-652-0x0000000005840000-0x0000000005848000-memory.dmp

Filesize
32KB

Download
memory/3988-651-0x00000000057B0000-0x0000000005832000-memory.dmp

Filesize
520KB

Download
memory/3988-650-0x0000000005700000-0x00000000057B2000-memory.dmp

Filesize
712KB

Download