Overview

overview

8

Static

static

3

WaveInstal...al.exe

windows10-1703-x64

8

WaveInstal...al.exe

windows10-2004-x64

8

Resubmissions

17-07-2024 13:53

240717-q64f1atdlj 8

17-07-2024 13:50

240717-q5ca5atcnq 4

Analysis

  • max time kernel
    370s
  • max time network
    370s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17-07-2024 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WaveInstaller Official.exe

  • Size

    1.5MB

  • MD5

    c822ab5332b11c9185765b157d0b6e17

  • SHA1

    7fe909d73a24ddd87171896079cceb8b03663ad4

  • SHA256

    344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

  • SHA512

    a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d

  • SSDEEP

    24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 35 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\WaveInstaller Official.exe
    "C:\Users\Admin\AppData\Local\Temp\WaveInstaller Official.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4360
    • C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
      "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4596
      • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
        "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
        3⤵
        • Executes dropped EXE
        • Checks for any installed AV software in registry
        • Enumerates connected drives
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1924
        • C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
          "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=1924
          4⤵
          • Executes dropped EXE
          PID:3052
        • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
          "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          PID:1016
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 5984
          4⤵
          • Program crash
          PID:2916
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3156
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe
      "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3220
      • C:\Windows\Temp\{D49BDB83-3528-48B2-B370-42DBDA7CE63B}\.cr\windowsdesktop-runtime-6.0.32-win-x64.exe
        "C:\Windows\Temp\{D49BDB83-3528-48B2-B370-42DBDA7CE63B}\.cr\windowsdesktop-runtime-6.0.32-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe" -burn.filehandle.attached=548 -burn.filehandle.self=544
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1464
        • C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\.be\windowsdesktop-runtime-6.0.32-win-x64.exe
          "C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\.be\windowsdesktop-runtime-6.0.32-win-x64.exe" -q -burn.elevated BurnPipe.{A27DFD88-11B4-405E-B829-8F09F8501E5B} {9F2D92AF-3AE0-4697-8398-D6E26C61727A} 1464
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:4104
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4124
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4160
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4692
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2404
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3624
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C96E3A732767E089C8D855FA5876FE63
      2⤵
      • Loads dropped DLL
      PID:2076
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 07086B114D99FA5267418C7A17DCA1C9
      2⤵
      • Loads dropped DLL
      PID:3708
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 56F291DDCB119B33B8BA4A88E09B47D3
      2⤵
      • Loads dropped DLL
      PID:3464
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4F2616B7F890E6B110A9A3A1274A9AA8
      2⤵
      • Loads dropped DLL
      PID:2436
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2b8
    1⤵
      PID:936

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Query Registry

    4
    T1012

    System Information Discovery

    3
    T1082

    Software Discovery

    1
    T1518

    Security Software Discovery

    1
    T1518.001

    Peripheral Device Discovery

    1
    T1120

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e5c8160.rbs
      Filesize

      55KB

      MD5

      47b5574a6bbb15ae1ab8c492fc88ca6d

      SHA1

      7781fecf70c27caa71113d2377c1662f8ae39d71

      SHA256

      674786989295d3239ec755aa39a00e922431ec7eadd41a9b922bd0890d48f92e

      SHA512

      2790d40a82075c57c7c626cd07f0ff08c0d08ce73154370225d949559991d58f82be4c9d2c8b70afad01585963281eb1d84432cb23f6ce1d594ce87b3c3dd5d8

      Download Submit
    • C:\Config.Msi\e5c8165.rbs
      Filesize

      8KB

      MD5

      586d2da214079d9b5828ce7a6d6ef77c

      SHA1

      5ce0bb9225d58b5e350871250ce257183b59e8d8

      SHA256

      74932c4256984be21f9758810cd48a511264da6eee94bea0ae55ffc264199523

      SHA512

      8a16e541fcaec6cd2063270559441b6f72f9344d9d276466f47cfff052889fc1f889729969c356b0e2cd4a56cb1ed14281d3dbb5d6f5c336370423c45e06f8b3

      Download Submit
    • C:\Config.Msi\e5c816a.rbs
      Filesize

      9KB

      MD5

      f6002f2df884cca10de5f39f7f802b55

      SHA1

      74436024a115361cc1fb548da3a580c8e6ac7390

      SHA256

      60dd635dca4dc7dd4b8757f745a15e05feb032c09d695e80c8c7faafe50c3164

      SHA512

      e5bf5daa3254adbe81e1c03fae199713f99a6725e3b981680511da9e01172d1015be67417b4c2414f9c6d5b8713f481ef18d8aa72c2e0d31ac83b2ff17573250

      Download Submit
    • C:\Config.Msi\e5c816f.rbs
      Filesize

      87KB

      MD5

      5af1ed1a1496483011124cef4409578e

      SHA1

      ae635f9eda97fcc85c2c7ca4d9a851f692ee0a08

      SHA256

      2f2d56f5ea71556ab9abd8284430f5b4321dc3e15ce87633f8ab70b5634d9132

      SHA512

      46fb36b06527222da151876d3b3d1a18e3d0802311f66751956b654f112a483bde33e4c55acba4315e9bc44764fe544c60a3af8f5e785a1d65e641857a6b27a4

      Download Submit
    • C:\Program Files\dotnet\LICENSE.txt
      Filesize

      9KB

      MD5

      31c5a77b3c57c8c2e82b9541b00bcd5a

      SHA1

      153d4bc14e3a2c1485006f1752e797ca8684d06d

      SHA256

      7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

      SHA512

      ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

      Download Submit
    • C:\Program Files\dotnet\ThirdPartyNotices.txt
      Filesize

      78KB

      MD5

      f77a4aecfaf4640d801eb6dcdfddc478

      SHA1

      7424710f255f6205ef559e4d7e281a3b701183bb

      SHA256

      d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7

      SHA512

      1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b

      Download Submit
    • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      Filesize

      249KB

      MD5

      772c9fecbd0397f6cfb3d866cf3a5d7d

      SHA1

      6de3355d866d0627a756d0d4e29318e67650dacf

      SHA256

      2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

      SHA512

      82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

      Download Submit
    • C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js
      Filesize

      6.1MB

      MD5

      6b1cad741d0b6374435f7e1faa93b5e7

      SHA1

      7b1957e63c10f4422421245e4dc64074455fd62a

      SHA256

      6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

      SHA512

      a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      896KB

      MD5

      f4795970c1f83c2426ec62befb512ebd

      SHA1

      6a7e867e3b8e3c497449518b96c1aab9964b2089

      SHA256

      5dff43f783d712236a87aa4e6a8305b693857c0462b704aa7505a8c8fb862205

      SHA512

      b76d642f5dbcb00615205e73f25113f6736aa3898fe38a99b86d4d4baf597c6e3b3b5448b27d14214616b67ba50aad6d351321bbefd0d9c948389cffb6d10995

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\F2AOOKW1\dotnet.microsoft[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\F2AOOKW1\dotnet.microsoft[1].xml
      Filesize

      84B

      MD5

      4019b2396d806dc6144da7be63c474ea

      SHA1

      eb8d052ca1908a6d549b20a148d5162dbb90c9bb

      SHA256

      89d293d531dd01471eb48ab521bca53e06469965f008f251e233fe1e2f90674c

      SHA512

      86ad5db65a4ab3ff7e9c5f62f670ca2e9f57666a0b3e113ae72d79734ffa05a637186c697432605efc959a4d84f90cf8d1caefed61ef894dd9936b39a3f094fc

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4SVC5XL2\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FGR3ATTS\windowsdesktop-runtime-6.0.32-win-x64[1].exe
      Filesize

      32KB

      MD5

      47755c618a9a9e4c5bda3a442f99485f

      SHA1

      382cbb19d802d77b52cf8c1cf85ba32eddcbd07e

      SHA256

      7f743326cbab2e1312dff1614a09ebdb17d1a4963ad5fbd73eaee2b90b966aba

      SHA512

      9c93583b11f2e8b4fcad6055d6ca05ac853d5314cd15295284ad260b81073af9dbcdcf558420e2a367561e6e98b361842e7a322fb9f04d0238d2b4a9c780f6b5

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.32_(x64)_20240717135818_000_dotnet_runtime_6.0.32_win_x64.msi.log
      Filesize

      3KB

      MD5

      dc44d65ff1a44ed5c86b94232975bc6d

      SHA1

      f726fff8ad28828e153911e8c48156e3404ae652

      SHA256

      c7ce3c529d7a69d90d8458c1b9b881dbb916c0ab9ffe631b6cbfc1856acd3d9f

      SHA512

      a42f209e46316381d6f739a5b38a47622ecf891f39d6e97ebd7632edfaac3c85b8c978ea6bc8b87bd5f4a9698a44e05deb1abf0c5f31a73b97c487204c2280c2

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.32_(x64)_20240717135818_001_dotnet_hostfxr_6.0.32_win_x64.msi.log
      Filesize

      2KB

      MD5

      6ed01f360bb93e3f8faaa298bc7dcbac

      SHA1

      3f931f2677889a923e726aef3784b8490cbcb6b2

      SHA256

      9c360dc522b9fa59a32db12296219935b9002f9f9e323e932d517a7690953f43

      SHA512

      17b3c5cf4cb7ad2a8dba579e15d64d08260b7b8e45e3a744a4f75854f7e0937be553ca74d4e974f9c46a5f532829dbccaeeacb6329456196ca886ab96e3a3e32

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.32_(x64)_20240717135818_002_dotnet_host_6.0.32_win_x64.msi.log
      Filesize

      2KB

      MD5

      ebc4be933a502f2fd4e65aaf661e01e2

      SHA1

      33122455f234545a61ed10d9bab044b56e4f8978

      SHA256

      617edb58586ecc0d3ba8c723b8164bbad7c924aa393399388fbabd0f3e3d5e8f

      SHA512

      8f6198b5987918677b1914241d4defd7e790043013c3f812dcddccc40734bd4559b9f05f363ddade36996fe0a12e27f4579c79c8d00e77ca09d7bf5358a46ff1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.32_(x64)_20240717135818_003_windowsdesktop_runtime_6.0.32_win_x64.msi.log
      Filesize

      2KB

      MD5

      df073cf860931106fd9ea6c8ecfda934

      SHA1

      d3360f6a175614132e78fdf5e4c11dd61c26fcf5

      SHA256

      621cddd9d97f3c106aebdec03cc21c60d887b7754808e7abcff54b507e2b9f81

      SHA512

      26192c3343269177adacb2da197a3698aeca66a4a1118cbd52d7ce50b2e185b927f8c1705be9d7a927b1aab4ef2bf517cae35f043da2dfb8359a2667168469ac

      Download Submit
    • C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
      Filesize

      949KB

      MD5

      8fb51b92d496c6765f7ba44e6d4a8990

      SHA1

      d3e5a8465622cd5adae05babeb7e34b2b5c777d7

      SHA256

      ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

      SHA512

      20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

      Download Submit
    • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
      Filesize

      8.0MB

      MD5

      b8631bbd78d3935042e47b672c19ccc3

      SHA1

      cd0ea137f1544a31d2a62aaed157486dce3ecebe

      SHA256

      9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

      SHA512

      0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

      Download Submit
    • C:\Users\Admin\AppData\Local\Wave\bin\Background.mp4
      Filesize

      4.6MB

      MD5

      9782180eb68f73030fe24ef6a1735932

      SHA1

      589827fe098ba048c9f871a28db8eae3e3537ff4

      SHA256

      3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

      SHA512

      dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

      Download Submit
    • C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\.ba\bg.png
      Filesize

      4KB

      MD5

      9eb0320dfbf2bd541e6a55c01ddc9f20

      SHA1

      eb282a66d29594346531b1ff886d455e1dcd6d99

      SHA256

      9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

      SHA512

      9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

      Download Submit
    • C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\dotnet_host_6.0.32_win_x64.msi
      Filesize

      792KB

      MD5

      ac53c5d5e2f1e2ccfd83408856ce81db

      SHA1

      14f67d98612aad86c092dd05200b21a4fdfb8e1c

      SHA256

      756c0d73225da2a0da97c879e00f6d5b273a0078d0bab55eb52755b449d1a896

      SHA512

      0fab821d87fd7daab480db7bf54f0a51a73a16e91440d7ea440a56f6bb3d177105bf1e0741f7d4b94d206f6152104f7b35456ae1f1054b6f679ff0a126588454

      Download Submit
    • C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\dotnet_hostfxr_6.0.32_win_x64.msi
      Filesize

      856KB

      MD5

      46db6c104f1b633927dee575b5c38c0b

      SHA1

      9d5e6cf836e28959181b855102e70f5a37550314

      SHA256

      2c8dfb556f4a6576205af03f8d5e2f0a939395ca2de6d69f06478b3008d1a2ce

      SHA512

      007877e08b1958fdc5fec7da9fe8ad1a678c2e59bf0b5f4b4080640c1fab96a34f27af81f5a733580e95b897d0e27e1c1fd45a4ca20a673a20f3331f3d5c2b62

      Download Submit
    • C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\dotnet_runtime_6.0.32_win_x64.msi
      Filesize

      26.0MB

      MD5

      4e9eb394f40e78755fa76e67f9190cd0

      SHA1

      36310c7f007992d911e8402e4aa34a2bb1682063

      SHA256

      8701e309396c5232a4fe1606c6e3549134fe01dc0d9fe4a74cb9d26531ddd9a4

      SHA512

      2cb71f44e7bba16143120512718dd128185a5063ba4767146d10c93b81b6caa4226cfc30fa44b1e50ee41c37b55852e32ea63554fd438fb9ed60de2ce93ca8e3

      Download Submit
    • C:\Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\windowsdesktop_runtime_6.0.32_win_x64.msi
      Filesize

      28.7MB

      MD5

      6631bf8cc9b765110110130467cdf840

      SHA1

      ccc090918b2636279c2fd093d8e0d4ba99f5513f

      SHA256

      afc5aeb00ccfb01f8428597fa7d44bf07d2811f712b998e4683e288404eb2e91

      SHA512

      cfa6f85ab7c5865245e879e46063e63c53e835e81d8fc0ecde802a6ca3f898e4a94e58c10d99ac53f147dcc630c502c11596901dc4102dd758404730e91b0a3f

      Download Submit
    • C:\Windows\Temp\{D49BDB83-3528-48B2-B370-42DBDA7CE63B}\.cr\windowsdesktop-runtime-6.0.32-win-x64.exe
      Filesize

      636KB

      MD5

      73fa53cc1472a5868b64e379cc781e83

      SHA1

      5b2bb58b39ed3fd3f6b35b4f957430ba5ac305d3

      SHA256

      9ee6a2a1c3a8102f2500b7a1159f383aa888164f8af174445473b675a6f7e631

      SHA512

      9b7e382564f0fefbb35da95c905cf90b6b82be6f1fd78f338e36bf2b2863d91ed8715c79500eec43f941ff20948e08b580d8ab8259a0797ddb6469571a0a7767

      Download Submit
    • \Windows\Installer\MSI8489.tmp
      Filesize

      244KB

      MD5

      60e8c139e673b9eb49dc83718278bc88

      SHA1

      00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

      SHA256

      b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

      SHA512

      ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

      Download Submit
    • \Windows\Temp\{0DEF80AB-58A3-4E04-8B1F-3F8EE172182B}\.ba\wixstdba.dll
      Filesize

      215KB

      MD5

      f68f43f809840328f4e993a54b0d5e62

      SHA1

      01da48ce6c81df4835b4c2eca7e1d447be893d39

      SHA256

      e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

      SHA512

      a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

      Download Submit
    • memory/1924-244-0x0000000000810000-0x0000000001012000-memory.dmp
      Filesize

      8.0MB

      Download
    • memory/1924-1528-0x0000000008D20000-0x0000000008D86000-memory.dmp
      Filesize

      408KB

      Download
    • memory/1924-252-0x000000000A310000-0x000000000A3C2000-memory.dmp
      Filesize

      712KB

      Download
    • memory/1924-257-0x000000000B8F0000-0x000000000B912000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1924-258-0x000000000C030000-0x000000000C380000-memory.dmp
      Filesize

      3.3MB

      Download
    • memory/1924-246-0x0000000005A00000-0x0000000005AA0000-memory.dmp
      Filesize

      640KB

      Download
    • memory/1924-1525-0x0000000001840000-0x0000000001878000-memory.dmp
      Filesize

      224KB

      Download
    • memory/1924-1526-0x000000000DD90000-0x000000000E2BC000-memory.dmp
      Filesize

      5.2MB

      Download
    • memory/1924-1527-0x00000000016A0000-0x00000000016DE000-memory.dmp
      Filesize

      248KB

      Download
    • memory/1924-1529-0x0000000005F60000-0x0000000005F68000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1924-1552-0x0000000011900000-0x00000000119D6000-memory.dmp
      Filesize

      856KB

      Download
    • memory/1924-1583-0x0000000016260000-0x00000000162D6000-memory.dmp
      Filesize

      472KB

      Download
    • memory/1924-1581-0x000000001E130000-0x000000001E162000-memory.dmp
      Filesize

      200KB

      Download
    • memory/1924-1580-0x00000000030F0000-0x0000000003166000-memory.dmp
      Filesize

      472KB

      Download
    • memory/1924-1579-0x000000001FF90000-0x00000000200EB000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1924-245-0x0000000005950000-0x0000000005A02000-memory.dmp
      Filesize

      712KB

      Download
    • memory/1924-1578-0x000000001E330000-0x000000001E416000-memory.dmp
      Filesize

      920KB

      Download
    • memory/1924-1577-0x0000000011240000-0x000000001128A000-memory.dmp
      Filesize

      296KB

      Download
    • memory/1924-1576-0x0000000006160000-0x0000000006184000-memory.dmp
      Filesize

      144KB

      Download
    • memory/1924-247-0x0000000005860000-0x0000000005868000-memory.dmp
      Filesize

      32KB

      Download
    • memory/3156-299-0x0000021E1BE50000-0x0000021E1BE52000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3156-725-0x0000021E23E30000-0x0000021E23E31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3156-724-0x0000021E23E20000-0x0000021E23E21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3156-280-0x0000021E1CD20000-0x0000021E1CD30000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3156-264-0x0000021E1CC20000-0x0000021E1CC30000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4160-308-0x000001AC09800000-0x000001AC09900000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4160-306-0x000001AC09800000-0x000001AC09900000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4360-19-0x00000000098E0000-0x0000000009952000-memory.dmp
      Filesize

      456KB

      Download
    • memory/4360-8-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4360-4-0x0000000009D20000-0x0000000009D58000-memory.dmp
      Filesize

      224KB

      Download
    • memory/4360-0-0x000000007349E000-0x000000007349F000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4360-5-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4360-6-0x000000007349E000-0x000000007349F000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4360-7-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4360-20-0x0000000009980000-0x000000000998A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4360-3-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4360-2-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4360-15-0x000000000C1C0000-0x000000000C256000-memory.dmp
      Filesize

      600KB

      Download
    • memory/4360-234-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4360-16-0x0000000009670000-0x0000000009696000-memory.dmp
      Filesize

      152KB

      Download
    • memory/4360-17-0x00000000016C0000-0x00000000016C8000-memory.dmp
      Filesize

      32KB

      Download
    • memory/4360-1-0x0000000000CB0000-0x0000000000E42000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4360-21-0x000000000AEF0000-0x000000000AEFA000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4596-236-0x000000000A1B0000-0x000000000A1C6000-memory.dmp
      Filesize

      88KB

      Download
    • memory/4596-230-0x0000000000CF0000-0x0000000000DE2000-memory.dmp
      Filesize

      968KB

      Download
    • memory/4596-231-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4596-232-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4596-235-0x0000000009480000-0x0000000009584000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/4596-243-0x0000000073490000-0x0000000073B7E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4596-237-0x000000000A1F0000-0x000000000A1FA000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4596-238-0x000000000A230000-0x000000000A238000-memory.dmp
      Filesize

      32KB

      Download
    • memory/4596-239-0x000000000A280000-0x000000000A29E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/4692-437-0x00000212D4EE0000-0x00000212D4EE2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-1432-0x00000212BE9D0000-0x00000212BE9D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-1434-0x00000212BE9E0000-0x00000212BE9E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-1436-0x00000212BEB20000-0x00000212BEB22000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-1445-0x00000212D5130000-0x00000212D5230000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4692-1461-0x00000212BEBA0000-0x00000212BEBB0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4692-618-0x00000212D6480000-0x00000212D64A0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4692-607-0x00000212D53A0000-0x00000212D53A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-550-0x00000212D6740000-0x00000212D6760000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4692-548-0x00000212D6720000-0x00000212D6740000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4692-515-0x00000212D0400000-0x00000212D0500000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4692-478-0x00000212BF400000-0x00000212BF500000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4692-462-0x00000212D5130000-0x00000212D5230000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4692-439-0x00000212D4EF0000-0x00000212D4EF2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-441-0x00000212D5110000-0x00000212D5112000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-434-0x00000212D4EC0000-0x00000212D4EC2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-430-0x00000212D4E80000-0x00000212D4E82000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-432-0x00000212D4EA0000-0x00000212D4EA2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-328-0x00000212BF400000-0x00000212BF500000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4692-326-0x00000212BEBE0000-0x00000212BEBE2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-324-0x00000212BEBC0000-0x00000212BEBC2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4692-321-0x00000212BEB90000-0x00000212BEB92000-memory.dmp
      Filesize

      8KB

      Download