90e8cc6bfe8f7240feacc059cca45a2eea58df19d956136d2468759cf4c75622

Analysis

max time kernel
358s
max time network
356s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 02:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

16KB
MD5

92ed46eb0d6ac99f50cdc219bf0e5a94
SHA1

7100c1b2a67a4f89272cd4d846ffa5fa0bda43a2
SHA256

90e8cc6bfe8f7240feacc059cca45a2eea58df19d956136d2468759cf4c75622
SHA512

0710ae450d6689b5cbc09806da884c550144c1be99ccfcf60876827f3ec3503c2372f468e36baf1c2a2ad61e780b54521a062d3e787fa30c21baa2b53bfe990b
SSDEEP

192:IJMUOjnv1xDSJI+JXJIJTJLJWlsZ6sfH516xLs9Iqo3C2drnX6CQeTnlz7G2Yzgc:IJdOzvhZvVoBrX607ZGNghYzYp0OU

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	node.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	node.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveWindows.exe

Executes dropped EXE 20 IoCs

pid	Process
4964	WaveInstaller.exe
4360	WaveBootstrapper.exe
2564	WaveWindows.exe
4612	node.exe
544	Bloxstrap.exe
1524	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
1496	wave-luau.exe
4728	WaveBootstrapper.exe
632	WaveWindows.exe
2464	node.exe
4788	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
4320	CefSharp.BrowserSubprocess.exe
2148	CefSharp.BrowserSubprocess.exe
4128	wave-luau.exe
1916	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 64 IoCs

pid	Process
4360	WaveBootstrapper.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
4728	WaveBootstrapper.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe
632	WaveWindows.exe

Checks for any installed AV software in registry 1 TTPs 49 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\ContinueOnStartUp = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\FontSize = "14"	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\LastUsername = "[email protected]"	WaveWindows.exe
Key opened	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\KasperskyLab	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RefreshRate = "60"	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Session = "Bearer 5982b45c-1d20-4920-a2da-5506f4778083"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RefreshRate	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\FontSize	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\UsePerformanceMode = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RefreshRate	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\TopMost = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Minimap = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\UsePerformanceMode	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Minimap = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\SendCurrentDocument = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\UsePerformanceMode	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RedirectCompilerError	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Minimap	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\TopMost	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\TopMost = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RedirectCompilerError	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RefreshRate = "60"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Minimap	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\SendCurrentDocument	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\TopMost	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RedirectCompilerError = "1"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\FontSize = "14"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\InlayHints = "1"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\UsePerformanceMode = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\InlayHints = "1"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\LastUsername = "[email protected]"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\ContinueOnStartUp	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\InlayHints	WaveWindows.exe
Key opened	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\KasperskyLab	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\RedirectCompilerError = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\ContinueOnStartUp	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Session = "Bearer 562a0449-4358-4847-ab1c-995ed7df91fd"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\ContinueOnStartUp = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\FontSize	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\SendCurrentDocument = "1"	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\InlayHints	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\SendCurrentDocument	WaveWindows.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	WaveWindows.exe
File opened (read-only)	\??\R:	WaveWindows.exe
File opened (read-only)	\??\V:	WaveWindows.exe
File opened (read-only)	\??\M:	WaveWindows.exe
File opened (read-only)	\??\E:	WaveWindows.exe
File opened (read-only)	\??\O:	WaveWindows.exe
File opened (read-only)	\??\S:	WaveWindows.exe
File opened (read-only)	\??\Y:	WaveWindows.exe
File opened (read-only)	\??\I:	WaveWindows.exe
File opened (read-only)	\??\L:	WaveWindows.exe
File opened (read-only)	\??\Z:	WaveWindows.exe
File opened (read-only)	\??\I:	WaveWindows.exe
File opened (read-only)	\??\L:	WaveWindows.exe
File opened (read-only)	\??\X:	WaveWindows.exe
File opened (read-only)	\??\M:	WaveWindows.exe
File opened (read-only)	\??\K:	WaveWindows.exe
File opened (read-only)	\??\R:	WaveWindows.exe
File opened (read-only)	\??\W:	WaveWindows.exe
File opened (read-only)	\??\K:	WaveWindows.exe
File opened (read-only)	\??\O:	WaveWindows.exe
File opened (read-only)	\??\A:	WaveWindows.exe
File opened (read-only)	\??\H:	WaveWindows.exe
File opened (read-only)	\??\J:	WaveWindows.exe
File opened (read-only)	\??\U:	WaveWindows.exe
File opened (read-only)	\??\V:	WaveWindows.exe
File opened (read-only)	\??\B:	WaveWindows.exe
File opened (read-only)	\??\H:	WaveWindows.exe
File opened (read-only)	\??\N:	WaveWindows.exe
File opened (read-only)	\??\X:	WaveWindows.exe
File opened (read-only)	\??\Y:	WaveWindows.exe
File opened (read-only)	\??\E:	WaveWindows.exe
File opened (read-only)	\??\G:	WaveWindows.exe
File opened (read-only)	\??\U:	WaveWindows.exe
File opened (read-only)	\??\Z:	WaveWindows.exe
File opened (read-only)	\??\A:	WaveWindows.exe
File opened (read-only)	\??\G:	WaveWindows.exe
File opened (read-only)	\??\J:	WaveWindows.exe
File opened (read-only)	\??\S:	WaveWindows.exe
File opened (read-only)	\??\B:	WaveWindows.exe
File opened (read-only)	\??\N:	WaveWindows.exe
File opened (read-only)	\??\T:	WaveWindows.exe
File opened (read-only)	\??\W:	WaveWindows.exe
File opened (read-only)	\??\T:	WaveWindows.exe
File opened (read-only)	\??\Q:	WaveWindows.exe
File opened (read-only)	\??\P:	WaveWindows.exe
File opened (read-only)	\??\Q:	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
43	raw.githubusercontent.com
44	raw.githubusercontent.com
58	raw.githubusercontent.com
59	raw.githubusercontent.com
60	raw.githubusercontent.com
61	raw.githubusercontent.com

Network Service Discovery 1 TTPs 10 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
1524	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
4788	CefSharp.BrowserSubprocess.exe
2148	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
1916	CefSharp.BrowserSubprocess.exe
4320	CefSharp.BrowserSubprocess.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{45C64F2A-E343-4C41-88CD-9AC7FA9A38C9}	WaveWindows.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{EA83DC89-0537-48BF-88CC-DE94DE32613B}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{69F4D1CB-9598-4B02-A9F1-29DC418F5F82}	WaveWindows.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3896	msedge.exe
3896	msedge.exe
1032	msedge.exe
1032	msedge.exe
2832	msedge.exe
2832	msedge.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
2564	WaveWindows.exe
1524	CefSharp.BrowserSubprocess.exe
1524	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
4020	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
2500	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3996	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3828	CefSharp.BrowserSubprocess.exe
3888	chrome.exe
3888	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
632	WaveWindows.exe
4788	CefSharp.BrowserSubprocess.exe
4788	CefSharp.BrowserSubprocess.exe
4320	CefSharp.BrowserSubprocess.exe
4320	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
5008	CefSharp.BrowserSubprocess.exe
2148	CefSharp.BrowserSubprocess.exe
2148	CefSharp.BrowserSubprocess.exe
1916	CefSharp.BrowserSubprocess.exe
1916	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4612	node.exe
544	Bloxstrap.exe
2464	node.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 2756	3908	chrome.exe	82
PID 3908 wrote to memory of 2756	3908	chrome.exe	82
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 3792	3908	chrome.exe	84
PID 3908 wrote to memory of 1768	3908	chrome.exe	85
PID 3908 wrote to memory of 1768	3908	chrome.exe	85
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86
PID 3908 wrote to memory of 1032	3908	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab6d9cc40,0x7ffab6d9cc4c,0x7ffab6d9cc58
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2008,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4700,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3404,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5228,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4848,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5572,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3112,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3492,i,3218896272202825261,14225561771194174514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1812

C:\Users\Admin\Downloads\WaveInstaller.exe
"C:\Users\Admin\Downloads\WaveInstaller.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4964
- C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4360
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2564
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=2564
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
        5⤵
        Executes dropped EXE
        
        PID:1496
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6780,i,14530979951288455534,4052579097640097086,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6784 --mojo-platform-channel-handle=6772 /prefetch:2 --host-process-id=2564
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1524
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7120,i,14530979951288455534,4052579097640097086,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7124 --mojo-platform-channel-handle=7116 /prefetch:8 --host-process-id=2564
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2500
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7444,i,14530979951288455534,4052579097640097086,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7452 --mojo-platform-channel-handle=7448 /prefetch:3 --host-process-id=2564
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4020
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=7544,i,14530979951288455534,4052579097640097086,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7548 --mojo-platform-channel-handle=7496 --host-process-id=2564 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3828
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=7560,i,14530979951288455534,4052579097640097086,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7572 --mojo-platform-channel-handle=7552 --host-process-id=2564 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault039cdb53h9f9ch4534h94d9hac7576a7fed0
1⤵
PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaa69946f8,0x7ffaa6994708,0x7ffaa6994718
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,2787664879390070955,4019983934676745551,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,2787664879390070955,4019983934676745551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,2787664879390070955,4019983934676745551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte26b1e8dhacbch4d53h973fh156e22a42815
1⤵
PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x104,0x7ffaa69946f8,0x7ffaa6994708,0x7ffaa6994718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1771065100085516557,13529132649427458617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1771065100085516557,13529132649427458617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,1771065100085516557,13529132649427458617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3596

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6796fa6dh11d0h41a2haa20h10a6746c9f95
1⤵
PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa69946f8,0x7ffaa6994708,0x7ffaa6994718
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4969973564125079778,12698058863034520505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4969973564125079778,12698058863034520505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4969973564125079778,12698058863034520505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4b4
1⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffab6d9cc40,0x7ffab6d9cc4c,0x7ffab6d9cc58
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1640,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4596,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4756,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4752,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4572,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5564,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3532,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3552,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3896,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3528,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5824,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3468,i,4243850200775880494,4955146252078608249,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4300

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1988

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4728
- C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:632
- - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
    "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=632
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
      4⤵
      Executes dropped EXE
      PID:4128
- - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6372,i,10728742249792710404,12956796004042516848,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6376 --mojo-platform-channel-handle=6364 /prefetch:2 --host-process-id=632
    3⤵
    - Executes dropped EXE
    - Network Service Discovery
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4788
- - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=6472,i,10728742249792710404,12956796004042516848,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6480 --mojo-platform-channel-handle=6484 /prefetch:8 --host-process-id=632
    3⤵
    - Executes dropped EXE
    - Network Service Discovery
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5008
- - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7020,i,10728742249792710404,12956796004042516848,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7052 --mojo-platform-channel-handle=7012 /prefetch:3 --host-process-id=632
    3⤵
    - Executes dropped EXE
    - Network Service Discovery
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4320
- - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=7108,i,10728742249792710404,12956796004042516848,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7112 --mojo-platform-channel-handle=7104 --host-process-id=632 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Network Service Discovery
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1916
- - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=7124,i,10728742249792710404,12956796004042516848,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7136 --mojo-platform-channel-handle=7116 --host-process-id=632 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Network Service Discovery
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
af2ac817e91cbbc9f636481382b93e59

SHA1
894ef7346e32f322bb069e7b352e501bdfe9d60b

SHA256
a792c41e8f33b310d4702758b37ab67a8ee262d24a8d1c85121f4a00ccbc0b6a

SHA512
d8a5a59f87ac493f187a0609972e1e5b05ce579c1879df5172f24c66429d58d7f587b5dc440c3fea3a7b568ff1455f8aa73e8524ebf4d03b537c63b8850dd932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
3c838a8a48320937d35cef7293ea2eb2

SHA1
44b125bb83bdb45aa2a892c3cec1df78f73ba1d3

SHA256
2e1a56f8b8550b8b6d38d4d608deee716d93a5da8226ee5ecf2a529f1d90d620

SHA512
675f0187c585b3a643a815f978c2828e03631a58ebff00fdc086bca2e398c11d5ac0288d839701a858f2ca8a7fac44f8bb53bc82bba4926b7b09d80f89609e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
94b5623cb5704d76c35fa2cfd2e7e4b1

SHA1
a921ba4104eed511e511fd5928f8e272b9598f1a

SHA256
e27cdd300dbc5bd9ae6b12fb7f7e1656efff92e838f6d993e625bf0da99eae3f

SHA512
0866e4e03f851222d6a8bbddb92aa216197e015bd31ec26fc5e342ddeaebe7496ea36530ce8021a08e09074f26e5176f67d78ae081249c425359bf7699d81ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3ee505735ae07e74b4076383a6f4c743

SHA1
82fe5bbee8bc4b478e475a26e4fee99b1aeb4ee3

SHA256
e08da77abfff0839dca42f93c552e99fc902fb8723c6709b9ec31df7c65ba697

SHA512
804fa2564c8aaf72e6eaeb21dd345ac95b715df7f9338ffb263473631bb8861b01b2eed59f75a4bf30c31c78921792a3f6311d31da020102b5ad662d5abe2a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xbox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a4c9cc19e89d16be446548e77abf31d6

SHA1
15e0ba76f3ddea5f51ce7850e3927dcd3ad7e4f3

SHA256
747da9be5655c8de7a2eaea7b3f3cd34f4684913ee1c40fbbb7875bb00309dc5

SHA512
ec2b2b6b2685cf0dbbdcf342bcb8eee6e77666aa851684eb0f521d17b1a7d7c7558aead1cbf38a5e719e2ac17f9210f8706ad055ca2e0e52be1f0d2a9f4a57af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8483f1e727891fb98bc02d106968cbd9

SHA1
77f9d8eea2931390edc1be8c00b49f371a55f32d

SHA256
06952deeec55b80bc5f881ec197b24dde3eca9423dc115c04ee9f1db96a903fe

SHA512
eb1d326db1ca8b5c63eb530d236986d3f6a5696759aea57eb6d0a830f248e9eb1dcdc81ecc2060e4f4067cd455246f29df306143060129f6b3ad423742cd4136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
dbc12d5fdce450a16638b251743efb39

SHA1
f4d64bab18f5df3e1f997d3c4845d832cb18e7d4

SHA256
1bde51b2bb8ade5c2833cb334b4083bc7aedba4a186f0c79f2573d9301bf203a

SHA512
13642ec5b9ab33b10721cb964a01683229425b25ac6ad89679f851d18eb0b7f1b7e4348b14d687bac517555acaa3a2e01265b8c8099092a62925a85b7f7545a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8867d6fc451885c8b97190c2cf7ca07b

SHA1
87c4ab966fba8b7a51607f00aee001e48bd96c29

SHA256
75bb080dc72646078af6ade1127fefa627420ba8e6c23b6ab2f3baed6afcc23e

SHA512
511273a550c4fad11d61c6a5e067590ef5d226551e2204d57d1ba4eadfc11d2ba383c694fcf725355a6db4a7d750006a9af6f0c5a57531a63a8ca265fe24f175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
247d87d9db1d16dccef632b56fec5fc6

SHA1
b71132dc76ea902124607ad60b9dc68ef11bb778

SHA256
e99e93324c3be08f7b3de1b52ff3b06e42a303cd1b1b79486abe875b442f4c35

SHA512
e35e3a66fc4286c27b1c3269c180cce8512c863e9ccca54fc618b59f83db939b124e521b8261830adf33ebe99c61829beea5a4687f0c8dbbfb34327535e7a957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf8e9c8e4ec310242e054ac706fa0cb3

SHA1
150db8af017456249026fda17d9454c89c652cab

SHA256
eec3165a50a624a9c073196cf02abb2e74bb841c329b06b3436b41052a2c1000

SHA512
d7c694c4c3e68ba11d1e005c65663c582962b35d04d540427fc298fdc6eb3cd875b5248b2dd78845c9cf2c63ca5e9f2086832adefaa1879011aeaf3ffe416df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4e7555fbba2a8e9d44bd40e99bf694ee

SHA1
4925f634c99000de035b5ee8bddd7a43d7351d2c

SHA256
499988ada9361ff7914f3ce208e96d16f9f730d0fcd7dc66d0f0c0aad958c45c

SHA512
7217d8b6735cd7357927705044ca6ba812fb15dddb4b614847b4df5ce6880e73edac57667e88c698cf215e96066bc17e6c0c42af8f19494c34b531acb51d53d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a56eb7de9c1d961d72070d4306749ad

SHA1
a59d53dd4e881b1f64919f81edff433e3f5ff329

SHA256
784cf2f60cf0c89398aea73848a8b07c2267242e57502b5532ec92dd6beafbc4

SHA512
64a1e8f82f57c579cb3f360aba1c44689cc970f2b912e49bd52aa1ecc38925b405b9a358a5b44c862b811104932b61f00296c05dcc02f5b6046bbf49e837336f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
32d9320ab40d7e47dc472adf152812ea

SHA1
63c4ca935562b843c643aee5b2b277300e3f3404

SHA256
6873647fc11814ca688ca08c7ce64684185d58149eafc2be9319c2356ce0c226

SHA512
a01729795f515825f2bd47952e6935f6b01611f463628247c1698249bba92469db3b1775c9fe19d99fde007f4c060d8ed89017dc83190dcc5a327b36374a8529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
11ad2649704576cc1eeb78dc362a5586

SHA1
4d9a8a553c2ee9c5ecb3c31867cef8042f180742

SHA256
2bd4c438be61b235951eaa4d26df43b96ee2494b557d3084930cfaf4e8ed685e

SHA512
17447659efc09e4dc674207df9377769e4fbad07a6240f2fe679543ecb947cd165e74cc25c945f9257cd8c18193b64c887fabeaa2529a860c35f09a07b3da473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ffdcb48e80fcdbfd0ea4f56d39812d2d

SHA1
88c227c439470a613738a384ea5377b3521302f2

SHA256
a459486ae26229ad54d9c5ccac7b9cd6dcb9c65b8176402b9b425afbebaceb63

SHA512
ac1b4e5f68747e57f997e5bd1f0c673591c178008fe893f09ebe61f8f54365bb08f84e2ccd435830b0626f7be43ddba6bac88025033673fe3b1c80689a69367f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7cd4403953b10643684d607cc5e4baed

SHA1
53c6855f886645b6b74dc72f5814ee65ad52c88f

SHA256
628d3e07982a290d07e32bf4be66832751cb1a3a073867e5ee5ecc824937f672

SHA512
847206471422aeffd54c1ec1bd3099be274266cbe2c0635a0327f07fb3153200d350c273b54d805ecf68a87e8c00ad86e8f9142817eea299f93496e5b90c6552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7a9cb53b00d332980fed37775f69ea1

SHA1
e6ef089b7fd52165ab3c30cd03d6a6e353b8365f

SHA256
b12b34621d14c3981920c41ecdcd5c2e387048f35d1bc359b57b9df8ffe4c669

SHA512
19f2382f52225ea9fc63ccc867bb47b35909c78d6ac5d1c3690c79e02c4468626bc6f0b855850297199ed2ede02bcd5a08768da08b0f8824d0aece6f8a479d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f762b7edf4ce6eccc21d7785cad9f1e1

SHA1
1fef87cd0f158acc4d9433bfbc4502b99d4b5083

SHA256
27b467d27e3f6b36ace49772543e0317521add7e36ad061911721031762f3ae8

SHA512
480ba9df3f5c1e444b0bc81111ffc7f9dde72ebb388d67be07e474d131668fa6ce746d4655e3fbb07732fce0418daf52f44b02908918ca2d4ba61b0c57b7d305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4c5b8d9ba759e43ae7775edb0a5b3735

SHA1
dfa313294f3e85541667b7236535ff2be10ff96b

SHA256
ed6e35ab44019ceb932cc87c14814a238fac4d7c3e2f53855a48ca7a86177589

SHA512
cae5abd1abec1eb9afba400adde2f50b0613183579719e8eb270bd220a910d5f28bcfb631a31fb7c4b9117bd7f666e4084e4a12378ecfc507847e440988f6931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
815ea661185d9c937e4665baacc32eff

SHA1
32f7333cffdf10c8e5b47ae8cc7eae741af18da6

SHA256
8fa94b52de6b0ce21740d30c2b7eca58171ba763322cc9685e3222e805522a9e

SHA512
e064b76a6dda3d91eaf03aeced8c97ad220617e6283817d6ef9621377626b431854fd37dbfc357292a5500d093b07aec47e11d1ea79906cef8900b35d658de5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2c77cb0faa632c26a71f6403c07aa41f

SHA1
35587059c5af73a4b941faed8a22a98acf07a12a

SHA256
56e32d2c17a831078a718233c59fd3e0ac7fc40a9aedb7058b8a964f8504167b

SHA512
e31e01e4205f639da19f616359e8886096de46e853df02d99fd26f09eb2f20522ed14785f2b849274475916baae53ecbb637df687a60fc1dda30a0b045588812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6ab74ad279e3c934aa213523cecfc23d

SHA1
5be886d7a443480916ac1d518605fc935d884020

SHA256
00d85509494753348636f95c83d925a44e6cad9ce04a6f7d8f02af21e43af142

SHA512
d71ef15f1083364787adffb147dfdd2efdaf3d4b436cdfb427e2d3a3da85000966366f793869289c3948d9ff001fff3b32b27fa92447ec394b2d1b96fe4fa231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78884aab85c7591e83211266efd08af5

SHA1
37afef20f36bcf4c36694a3dfa6998ad6f98ce44

SHA256
688a7e5e803cd3421749ec6383d06bbe41a83db7606e5d0d6a986eb255c1452d

SHA512
e768585edcb6d7b8e1f02c6a4003113287eb067bf2097be8c5a44cc59fd1b02f060d767749366f06f6041bb95b51cb5e348f2ec7dd78d77ab9b608b12a8874c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5426892f6dfb1a2ce42f6a45aafbf8e

SHA1
8f2395f77bc300547f804301663efe158db59030

SHA256
c349b2d49170aaabd38e5fc5adf8fcb77201d5455627bae39695cc9a65133dae

SHA512
b1d5a3199a029c38e6b3282e470fc67c07cd3006d5c87919cc3d8a8fd22073e8a58505361ffc78fa0bae45a9abb2b288d84077e4c145fede953889e2455de5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
081919808301e68e189d2f9b0534bba5

SHA1
4ac250bb5742627bd276f436a36296ffb445c3d9

SHA256
c39eb56a6682878689427f7553f0524ba710189b1d1983e23c32a8da8744d984

SHA512
0ad04e69e25d5d076d98540206821bcd5efa42d9feb11b333d58b2e70464c3aec3ee2a44663b260492162866616cc1bc4b6aac2c8aa2adda7273a9382ad905f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
404443554cf59408529847531f9b6ded

SHA1
8d1afe6dc3eaed0e77a7f0af99993c130011b893

SHA256
77cfe9393823d63f10f61b98713d9e77395e08f6184bb3d3571beedb731f23df

SHA512
623a2515ac8537bee07e3161fe94b891e8d22750b5cd312c752a7bf453877791201646b727d3394aa0fea58a23cb5ae87ae8c73ef058449cfaf4018b0bf21b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
406b31e4d3929cb1e0aad0cdf5cbcf18

SHA1
22d5b87338b5519dc6351036343260b3ace37528

SHA256
f924d433308e9c953f47659c222f3606e514b07ebc733e77f1f34743461fc234

SHA512
eaabc3a48cc27113e7a0d723d25d84e07c7bf4b74d0d9b27ced8de80e5a2b027622c613a7344f0b53d8f5e8d54d47ece94a285b53660e061f0c0129eee4934ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a97f43abf694f0d386c66ebf99481aac

SHA1
71f4ce3df68e186124c6ff058f03d02c860a08dd

SHA256
29ee46ccc315be80215e34c06c72fd11fffcdf5c18daa3c927487d1c4ab100b3

SHA512
38f729aee6555bde5d61248545b98f4b095f5b60753d4ebbae5c4ed66021d433a8fdd22ddafe1fd395b68810c6d5d895769b7b605a0643fc18658217d35abcaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
caa2ef969e6378579a78a545c5f42bc0

SHA1
37544c6f8d19cc788f04104c0d9ae90fbf6651a3

SHA256
cdca8bc8ec3483d54460dc878a1badee83587765a6d4d8c147e61f9052aa20f1

SHA512
b7674b31065088ca7acc5859ab05ea3654b956fbd200c9664a7d89e21b7665748b3bc847238f69e432c9cf377bdfbeb7b28db69f56a4ca3077233c896394761b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7d01d960196b93d847c5131240ee2fe

SHA1
d2a0e2ea3d25e458415f03df6c9320fb670c15c7

SHA256
7da7160f9d6384747b09f08576088c37af60e077124790c55af9a39476368ef3

SHA512
05ba28e426df3698bbbead1fcbb49a6264ed15162a8b43ae67f79f74f96653d16b2992b02c7554290af8940cb2d3cb2973c8fcdaea36a6970fc9e15f3f1be85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb00bc0d1d7706df56a22ed229c33546

SHA1
e062b9883f9a535efef53e129a41ccfcd769d66b

SHA256
650d35aa6844b5977d750bb32d0a063562ffb10360a662c3a0e1e8d2afa578f3

SHA512
c5c14399bc25e7a6855df36ee16ce700520e6761440940ba2c0a959e399996eac8a16ad7fca00913dbeaa4f2fd1f788a1638bef53aef45e788240ed3763c8145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ada6b750b9a6fc911ea7b5bf273f0fe3

SHA1
529fc84f5a22b46134d3f4257d54561092ce9156

SHA256
0c8bdca6135245819e68fc926a5b99d2c9b8a8ef75f359bc6be2af735072b7f4

SHA512
6f7853a572e815840604b27077df043b319415f1a1740f0d3fb58773aac05d26bc44102fcce04e02d71fb3123952762359dc1cd07caa72c9ff54dee9b76922a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
604603887fbe62c899618038020234c4

SHA1
34be5eb87b9857cf15b10d62bf27cdeb6d33e125

SHA256
ee18930aede51797728913b146505833b080e16604b1a45e9189b10705d6adc0

SHA512
4969d820262b4c867514a8187cbb449b1c2679efc97fedc8d0f8dd11936aa771a9ecb818d79d11d88d3d9c02abb8e19cb2059b555431e886693a2ac5c01da8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0698a4ae22e83d0c9bd688d3e5c75370

SHA1
d01fabae9514420e82afc0eba9a41f025401d6cd

SHA256
de2ae4a3a999e056fa0f7871a8793160bb0e43df16bfeadd28d86d537ab58633

SHA512
070421d0ff17a45c7cdec41fcddc854274e4941aed0644d7a17d680a6c779b175122010148172865009255304b59a4e436c9998e1b6fa25eb6889ebebbb49b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f360ac8027cb9bfd28b7e9f6d57e3e52

SHA1
837a1758efea5c17e6990758e434c247add27a13

SHA256
f0f99f20b489de4915dc83b1a4b99af12ba5f3029b054fa146b7cfe66ac319c1

SHA512
8ece0dfe276b9b4d62ceaf2a386376bba29fe27c2364b7f89281655ad050fe311a4a515070120140e9ab8b08fba3fdc3ab92bb2377f3a61602f05a3608f5cb93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fbf744fa672149ee0052f5dacecd6f81

SHA1
874e40c54e6ea356f850ba39c273b78b44530c71

SHA256
2d3c402020438a669107c8d4dc7afe433e706841f337015d0b3af47590d2256e

SHA512
76bcc2af7b8d5a7e99fb6925aabac19b7d5ae4b06a724ab46034f5e4f0ae120fd50877411fa2f49b4a12ec86dbc5674ab5188a30520f66f21d439ee7a09c554f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f84e3102d2d35ff5354911307822fa5c

SHA1
6f22a4601a065341bdba5e32fb4315fe543ae954

SHA256
8079c2924838c1dfdb724165e74f52859f93eb8c9d5748c54bf025ec27a30d6f

SHA512
1cfa7e5090e14a0e0056f66a55a6f18bb34d70b63cf783ef0f849f18dca6126bbd3676ee65a1a3873a1f0e2f3faa5c619d3a45a1b50e83fa8ce53b99fb0e0745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b5d0acb2446cf730a95970faf5e788f5

SHA1
2c5b4b2e126b4f702d912d606175ed729d30ddcf

SHA256
9979f510d929cd59fa62a173a211099ebdca0710649739b5bd916f00d58c9f6b

SHA512
eeaee4823d3417945118119a5d43e8ec3b2d5f3e7a6643441754e15849e5ae30ef5b7285b132b9563804afc1f20d3fac72a9c30fdefb29be564574dae087e6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e57e294aa35c25d8951c467d88ed4777

SHA1
13306f25f16c4e526b5d85eaf1ca30a0f3fafb0a

SHA256
1b971c6ec65e0af112010d1d9e77f9fccdc593b4543c5def4e5313e46f6a0af9

SHA512
01ef176ba5127681e4b3b336fad885110e6c4296af0fb03b27454c5bb6df8dc092b458316ffd6f98c9e28224c1384206feb82f509501400a03d77ef9a9329a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
46b08d8bace62540a6d4d2dfb769d073

SHA1
956a7737336279fed71f02cd88b9bb6c1aa4afe1

SHA256
2f35b2a9a93b7a69e37bfd136b9b677823729e1b649833a18b5362f91625d8ff

SHA512
a01cc7f5946502dfce92b16bb1e65259bed0f7b751c2ab23ebdb6a9f5c17f391c87dfee2b1e0a3583e14d87487a7aa74eb58ba23943f5caada8d226fecd209a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
2326c2d13be26e26eae376ca6deace30

SHA1
c3da031a3c98cf35e66f34cb24424155eb86aeb4

SHA256
da30cf1734b43ba3f4069da0f629f05f6d9ebde8b2a567d38b26cad2ed0a9678

SHA512
1d61a17789d075579904a5c7a76cc485efe6675d92fa03e260ae6a0360b89495e13f5826cb13d7295538453143f0e7402457f8ab084997edf7cb1d6d92bc3d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
bc6dbc92d391d13d7d0663ae7c20c4cc

SHA1
d5cbb9c4085ca2e7178dd45a254cefcb8dc41fb7

SHA256
0520a20adad996bc8d0758582a8f6102ce7fc857a14633c4f1a541e152ee31d8

SHA512
d312ed2d327293a69ff3f941990f414f47658dfcd9f7e6c4d52d16a4f256ccf3c2b22bc72d38b8f0b2db6ea8fe0a44b5de57850c7d0e1f43711c0bcad23ef204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
513d75d5005b4228a1da88931fb4008d

SHA1
87a21dde1ec5ae5852d542e26df7670ce29a5050

SHA256
3cf9a9e2bb49d5147a0eb66a4639d496c66ce3f6d36c72bd9a188542befd1f36

SHA512
ab63d583c5f78a8f1b441a13928debe8e85224611e1978edee63ba0ecfe7bb0c4566dc24ddbc4614b209ee14ce197687159123cc52993329dbfcdc0995cd4213

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3787c47b26ec224dedac2f8b16cb44f2

SHA1
4419b832a507aa4219142d1b1f3bc03d80296e1f

SHA256
c39be3e2a13091c102bbddd36a7d18f8bbb4936abd940e55f81fb2a6ad08980f

SHA512
f63bc28e85d95cb7846d577032f754a9b4eb9602ce938d46ecd552c42c00e5a0c33def2f77f5ee042a615785720251b8f61ef4bd6f50b8bf383c2108c17536dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\61e0407d-da27-477b-bf7a-e7c34df5bb64.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
122be6765234f9bda11088df311671e6

SHA1
c0fbab6fb2d3ac5472c583586ea2935072351d2d

SHA256
ecc57b2bcf838ced2bfe700bca4ccf6546c7832398834669406ff33740292b14

SHA512
515f4c5c14822409ac099b6f9ebfb10dc420a389890cbe4bcab5782511bf21a495ca744e13776b8b5cf7b5950f63049ea89039bf86c9029cf870a0e5fb61f4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5fc41660c12754a7dc12b6251220e15

SHA1
7bd22aa69c4868455d0d0ccec969575f1ce7ccc0

SHA256
d22ca5cb15c4ca8f0f0381c52db75355a0b46902ef6d73f30a892d2c0b2a0c72

SHA512
1776a66ecf1b78caa45bde816ebd6dd3e5bd865334c788cc022ae5e9474932f6681b8a01d1b20d93a24406eb34a4f95d539411a2603809476104f491e336bdd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
efb84674314d22b639362b5b3f32600c

SHA1
b4a9c09e7c5ac2bbf2bd5caddbafe1d5708bc31c

SHA256
d692e483b2d3bb72ef77289c4524562c17bf4fe5c8f328cb1ca5423cbb965362

SHA512
9c58c02f1471f90202464f75454ad29ec6bd065255542d357e9aaaa6d126fe64cfbc57d61268c743eb43288c618a77396eb2facb769490256096b54cfce6dd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8e283aae28dabc9ba27e5c971332f752

SHA1
1fc0b27e6c3511e4fc23a77d528cd17f53094e66

SHA256
3e9a11bbf0a4e4331ffb995460368e1bbd1744ace1f07f7d6ce5c45bf41d2a6a

SHA512
983d3cce96999cfdbc01aef5e7827481210c36c1913e09f002acb294500103b6dca24cc78d13a047b0fdf23c836026a459c20da6c86c64bfc8af6404b5610427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5d8dd5765a497abac8ff061cc8992951

SHA1
0478376fb79979d08cca0cd74686122bbc942410

SHA256
0d4b512cf240663c1ea10682b883fe4847b95cd097edf7e216e2841f59782992

SHA512
00f43732beb488b4f41d67f2fa4cad4ff9f1b38c6669ba7bec8e789c34529bb316fa012b338f1d87a755d00235983402eb20ec9ce5d28c7e4a4d1f375358dd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1035629302f7ea2d7fefeb626762df2c

SHA1
3cb0833762a2d7d2a191c208b4149ac7ad271e58

SHA256
b31412be7594da846e95cc28e623183c681da399df51438c49dda576e9418cf2

SHA512
83090eeeefd23dc181b389d26730710168291e62334ab5ecb5aa39f3cf15175a11a614d4b3265c627e0ffa27491d415620f6a5ff7312e4817a95da2ade117e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e0f467c6afa5ce0481533906bfab9118

SHA1
d585aa82f04c68c57b3bc29c4350058fce470bbd

SHA256
3333a8d2090d14d9d7933bd5cf0cb2385c936505a59c2c954e91d66333cd6f60

SHA512
a30b9e129c65bfc0314c54bf69e7d46e9492c9231ed5d4d1b88652eae0d67ed497cdff47151955d1fe025f5606c262542bbaf4c40317d0a6e53f56534a6fe37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c04875e7470f1e2243e865aeae98c7c2

SHA1
66dea6d3f0c26f9c0dbcf27679edd4e658edb81a

SHA256
4ac885fd62cb4972ff9ae590c9e1995d72471d913f79042cfa7cf04d2598869f

SHA512
a9b04cce4c28c3c96a2edc2928b6ab1e50d36b30184deccc43e52b8b8c275004d0e5f8faf266f7c3c38e4d9e043c8f4e85c548187212a9a7a1673625a5251c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
4215c06e0f4746db5c784d1310be3259

SHA1
238696daa5917789cd556940865b9a9897f43ea2

SHA256
dd4aefd91864a7caf97706e48da78e2ea037464625bd7ce6d28cfe69bdd750d6

SHA512
9c457d07a2534cae8155016fda98b960d7fbe7e37cee3f6b404494c6083fb0660497984e7215408bca604e791c6da9c833954a2e25218324a795a0782327fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.dll

Filesize
898KB

MD5
1bb24b22d9bd996c038d26b600ed18a8

SHA1
c2629a8a26c9c0969501923f84874838087cca2b

SHA256
944b987a0b677d354e24ee15bba65f73b0f051338f576234a975a49493399873

SHA512
38578e0d1a39ccc9851ff80d3a0f5342a34303229e2898c3ca32dad11017d4277720f54b472c2f1a0b73f47d5ba6352aa7be8ae2ed72b3b25a01dd8292591421

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Wpf.dll

Filesize
114KB

MD5
ceaf0bad83fac8ce71853cd820e4ed9d

SHA1
4eed686fbba7d4603b596fb8e494b8f452a05886

SHA256
eaced1f76adb8ee756033baee29a47b1f4d4b657ebd105a7e25c8dc4fbc48cba

SHA512
4ed3f83e797eade8f0d1c6b80ce49d18f00daaf5d69421a4920e3cea2e7d78c3622193ca65b6ab1dab14c57e7f893a7b1edb27b83f343ea4df731d80aa21ff82

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.dll

Filesize
272KB

MD5
9ca06a8f9e5f7239ca225ab810274023

SHA1
e1a219f567a7b7d3af9386df51b14c76e769c044

SHA256
5fd00ae3e83e6ca156647ff6df87b49ffc7cad47c23fe3ae07c067c5adf6f74a

SHA512
430c9bceed5439b987d5bd4840cfe32411ca61594f18597aca1948aa39a22c9d70beadf3bb9b1dd0373f81a94a25dcba17fa8e8c73abf06cba28d0971d5614c5

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
C:\Users\Admin\AppData\Local\Wave\bin\Background.mp4

Filesize
4.6MB

MD5
9782180eb68f73030fe24ef6a1735932

SHA1
589827fe098ba048c9f871a28db8eae3e3537ff4

SHA256
3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

SHA512
dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

Download Submit
C:\Users\Admin\AppData\Local\Wave\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 816055.crdownload

Filesize
2.3MB

MD5
8ad8b6593c91d7960dad476d6d4af34f

SHA1
0a95f110c8264cde7768a3fd76db5687fda830ea

SHA256
43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

SHA512
09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

Download Submit
memory/632-1494-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1507-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1491-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1500-0x000000000B660000-0x000000000B670000-memory.dmp

Filesize
64KB

Download
memory/632-1492-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1493-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1508-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1502-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1541-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1499-0x000000000D540000-0x000000000D550000-memory.dmp

Filesize
64KB

Download
memory/632-1504-0x000000000D540000-0x000000000D550000-memory.dmp

Filesize
64KB

Download
memory/632-1495-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1498-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1496-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1501-0x000000000B660000-0x000000000B670000-memory.dmp

Filesize
64KB

Download
memory/632-1503-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1490-0x000000000BBF0000-0x000000000BF44000-memory.dmp

Filesize
3.3MB

Download
memory/632-1497-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/632-1506-0x000000000B660000-0x000000000B670000-memory.dmp

Filesize
64KB

Download
memory/632-1505-0x000000000B660000-0x000000000B670000-memory.dmp

Filesize
64KB

Download
memory/632-1509-0x000000000B660000-0x000000000B670000-memory.dmp

Filesize
64KB

Download
memory/632-1510-0x000000000B660000-0x000000000B670000-memory.dmp

Filesize
64KB

Download
memory/632-1511-0x0000000014040000-0x000000001419B000-memory.dmp

Filesize
1.4MB

Download
memory/632-1540-0x000000000C470000-0x000000000C480000-memory.dmp

Filesize
64KB

Download
memory/1524-724-0x0000000000270000-0x0000000000278000-memory.dmp

Filesize
32KB

Download
memory/1524-725-0x0000000004A80000-0x0000000004B6A000-memory.dmp

Filesize
936KB

Download
memory/2564-690-0x000000000E680000-0x000000000E690000-memory.dmp

Filesize
64KB

Download
memory/2564-757-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-756-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-672-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-671-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-674-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-676-0x000000000E680000-0x000000000E690000-memory.dmp

Filesize
64KB

Download
memory/2564-677-0x000000000E680000-0x000000000E690000-memory.dmp

Filesize
64KB

Download
memory/2564-678-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-679-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-680-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-681-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-685-0x00000000121D0000-0x0000000012356000-memory.dmp

Filesize
1.5MB

Download
memory/2564-686-0x000000000E680000-0x000000000E690000-memory.dmp

Filesize
64KB

Download
memory/2564-707-0x000000000E490000-0x000000000E4B4000-memory.dmp

Filesize
144KB

Download
memory/2564-711-0x000000000E510000-0x000000000E55A000-memory.dmp

Filesize
296KB

Download
memory/2564-714-0x0000000019250000-0x0000000019336000-memory.dmp

Filesize
920KB

Download
memory/2564-715-0x0000000012D70000-0x0000000012ECB000-memory.dmp

Filesize
1.4MB

Download
memory/2564-691-0x000000000E680000-0x000000000E690000-memory.dmp

Filesize
64KB

Download
memory/2564-687-0x000000000E680000-0x000000000E690000-memory.dmp

Filesize
64KB

Download
memory/2564-689-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-688-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-683-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-684-0x000000000E630000-0x000000000E640000-memory.dmp

Filesize
64KB

Download
memory/2564-682-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-675-0x000000000E630000-0x000000000E640000-memory.dmp

Filesize
64KB

Download
memory/2564-673-0x000000000DD00000-0x000000000DD10000-memory.dmp

Filesize
64KB

Download
memory/2564-659-0x000000000A9A0000-0x000000000A9A8000-memory.dmp

Filesize
32KB

Download
memory/2564-657-0x0000000009950000-0x000000000998E000-memory.dmp

Filesize
248KB

Download
memory/2564-658-0x000000000DA90000-0x000000000DAF6000-memory.dmp

Filesize
408KB

Download
memory/2564-656-0x000000000DD30000-0x000000000E25C000-memory.dmp

Filesize
5.2MB

Download
memory/2564-655-0x0000000006370000-0x00000000063A8000-memory.dmp

Filesize
224KB

Download
memory/2564-641-0x000000000B6B0000-0x000000000BA04000-memory.dmp

Filesize
3.3MB

Download
memory/2564-640-0x000000000AB70000-0x000000000AB92000-memory.dmp

Filesize
136KB

Download
memory/2564-634-0x0000000009D10000-0x0000000009DC2000-memory.dmp

Filesize
712KB

Download
memory/2564-629-0x0000000005D20000-0x0000000005DC0000-memory.dmp

Filesize
640KB

Download
memory/2564-628-0x0000000000AD0000-0x00000000012D2000-memory.dmp

Filesize
8.0MB

Download
memory/4360-622-0x0000000009940000-0x000000000995E000-memory.dmp

Filesize
120KB

Download
memory/4360-621-0x00000000098A0000-0x00000000098AA000-memory.dmp

Filesize
40KB

Download
memory/4360-620-0x0000000009870000-0x0000000009886000-memory.dmp

Filesize
88KB

Download
memory/4360-619-0x0000000008A60000-0x0000000008B64000-memory.dmp

Filesize
1.0MB

Download
memory/4360-616-0x00000000002D0000-0x00000000003C2000-memory.dmp

Filesize
968KB

Download
memory/4788-1514-0x0000000004B50000-0x0000000004C3A000-memory.dmp

Filesize
936KB

Download
memory/4964-618-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4964-400-0x000000000B680000-0x000000000B6F2000-memory.dmp

Filesize
456KB

Download
memory/4964-402-0x0000000009C50000-0x0000000009C5A000-memory.dmp

Filesize
40KB

Download
memory/4964-401-0x00000000066C0000-0x00000000066CA000-memory.dmp

Filesize
40KB

Download
memory/4964-397-0x0000000006670000-0x0000000006696000-memory.dmp

Filesize
152KB

Download
memory/4964-398-0x00000000066A0000-0x00000000066A8000-memory.dmp

Filesize
32KB

Download
memory/4964-396-0x000000000B560000-0x000000000B5F6000-memory.dmp

Filesize
600KB

Download
memory/4964-379-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4964-335-0x00000000752CE000-0x00000000752CF000-memory.dmp

Filesize
4KB

Download
memory/4964-230-0x000000000A0C0000-0x000000000A0CE000-memory.dmp

Filesize
56KB

Download
memory/4964-229-0x000000000A0F0000-0x000000000A128000-memory.dmp

Filesize
224KB

Download
memory/4964-228-0x0000000005320000-0x0000000005328000-memory.dmp

Filesize
32KB

Download
memory/4964-225-0x0000000005520000-0x00000000055D2000-memory.dmp

Filesize
712KB

Download
memory/4964-226-0x00000000055D0000-0x0000000005652000-memory.dmp

Filesize
520KB

Download
memory/4964-227-0x0000000005310000-0x0000000005318000-memory.dmp

Filesize
32KB

Download
memory/4964-224-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4964-223-0x0000000000780000-0x00000000009CA000-memory.dmp

Filesize
2.3MB

Download
memory/4964-222-0x00000000752CE000-0x00000000752CF000-memory.dmp

Filesize
4KB

Download