hxxps://waveexecutor[.]com/get

Analysis

max time kernel
111s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://waveexecutor.com/get

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	WaveInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe

Executes dropped EXE 5 IoCs

pid	Process
4320	WaveInstaller.exe
2740	WaveBootstrapper.exe
4164	WaveWindows.exe
4848	node.exe
2452	Bloxstrap.exe

Loads dropped DLL 2 IoCs

pid	Process
2740	WaveBootstrapper.exe
4164	WaveWindows.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
75	raw.githubusercontent.com
76	raw.githubusercontent.com
77	raw.githubusercontent.com
78	raw.githubusercontent.com
60	raw.githubusercontent.com
61	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674010909548038"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4164	WaveWindows.exe
4164	WaveWindows.exe
4164	WaveWindows.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeDebugPrivilege	4320	WaveInstaller.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4848	node.exe
2452	Bloxstrap.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 4692	4372	chrome.exe	90
PID 4372 wrote to memory of 4692	4372	chrome.exe	90
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 3512	4372	chrome.exe	91
PID 4372 wrote to memory of 4728	4372	chrome.exe	92
PID 4372 wrote to memory of 4728	4372	chrome.exe	92
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93
PID 4372 wrote to memory of 1568	4372	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://waveexecutor.com/get
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb41ecc40,0x7ffdb41ecc4c,0x7ffdb41ecc58
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5004,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5012,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5348,i,11603554583262852041,400547155787331996,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:4192
- C:\Users\Admin\Downloads\WaveInstaller.exe
  "C:\Users\Admin\Downloads\WaveInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4320
- - C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2740
  - - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
      "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4164
    - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4164
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
        
        "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4252,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
623e57d1a5a0ad347722b1d9da8ebf04

SHA1
f6fcf7d19f07904dffc724bdc38c9851b397a6d4

SHA256
e4d41013e83b8ffa72b846cff54cf870b9317530b8b833299b0f034a9fdadcf2

SHA512
82da84318f268cf88246dc4a214d1868c37f85cd0a5d2fbd86956d631396b6cbd8cb8e8840f10b8c125a3f10062108bdd38cd2c0dbc9c5389a99466167233b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c7dd35cf92100eec89050a7e1f4b77f4

SHA1
79862d49d39da762f57127217b8cc4f32ce2a74a

SHA256
a67d0d1437dd33e7670a7e26dfaf81f800e21df16d9e95cf6fb7c50f4d6c3d34

SHA512
fb28dc163875a34198c2d091461cfb670fa076268dc4d64ccd4540ba93bd7597de5a6b895e7bdcbaf35a5ea64f8aa53fd574aee1c0243b579e531b2c2d3fa1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7beff4aa71ee033c0a773e00855ace3c

SHA1
1bcb0d970316d6d5d58bb3387704944e8aac29b5

SHA256
7700f2b7b7dffd170b81d8f86522b3e0deb9d9d28ac11c4b15135cebcf8e52d0

SHA512
3c7b258ab7c1056116bf1a4a7873a5ded4ae08d738a47b2a4e978f5a77ecce7174684bbba9e440dc43de48895034438b3b1d27380cfccc12d381e81040bf8f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8a8515f32062cb68cf769adad364ae38

SHA1
bb481c9252a548aafb4159f82523fe3667d2d935

SHA256
310c7454409008f3304dcc84c1197a8ce093945d1bb766c783b6fbd82c722c60

SHA512
804a17234b1fc92a4518b844dcecfc2d270629c2eac8bd07c304de924e5b2c6edec58a90b4adb789162c88b3710636c7572bd8300334776dbe075a39cbb10be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4e2a0a819261ec7055aefb5867b4039f

SHA1
1232b16e0b875a57ff61a110a4cb4dd1ccdac4b7

SHA256
b39dfc1fa06d103c2619e66ab017c9c0ff09e5c172e93f15c5e629ca3e1cee40

SHA512
d10200e83745a10f78d41e8e46eec52f94f822741e34896042ec4ee69f4ef5f97993039ebbc9b270cf1f801b25576f7a502f40f4c98a8fc900889caf7dfc692b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95e91ea4605a4d6093bdd5ae288c828a

SHA1
bbabd66d48b23a618d5021d67ee2196c0ae0fa28

SHA256
9e332ff50b43a097b342fdf35dad0ba6b75017b53d58a56b397802ee71458a05

SHA512
49d73eb0ba3dc25251e1c80603e90257465d214194aabd283f0b029f114734d1d9f9d2cc678a20eaa52c099cb5e4a385ed3a4f14492a1cc85e455e3951d00c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ea4d8e8879a8af5334fb20807cf78bc

SHA1
0494154671ff205ac4ee0ccb95b873f5baba2b0a

SHA256
b57e948005ff85b1c4e69835e3556acb906aee29e2f9529cda6e4715c0b3b106

SHA512
920f34a426a5272d616cf14f7cedad84d005be387c643dcece33c23d0f7dd78e422d3a47eabf57e9b6fc4e870e1f0b270edf6bc547545d235558038392839382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ca8b8817c634ca02eeac1884c6e290f2

SHA1
8a482625671270b181f8d4a66daededb9329f708

SHA256
6a5f3f29af62b317a2c49d9d30d811921f6b0e6f15d76ab989d76adb995feaa2

SHA512
9cb9c529eacd46870f7e3caebe8090c5f876c106a96a8e6ed379257e5b52e3646b2935ca5f12a507d3ee1d215e3e1dce79af46251ed813089a5afd8f8ff92db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
069758c3220b75cf9501c8ce66d63466

SHA1
c969b5121c6f91a25385f82488b2df5e2e25dea7

SHA256
f007c89a9a3991aa5fe3bbe54a130ceea35e472bf1a109a2e2cca7be32dccb78

SHA512
0a9100b575903a28436f13c5f4ded0ccfa3151295be211512908c1bdedeab00ee17dbb0d5a1f601545ca26e65c4abfa4dec9dd9cbd27dd4f57cc5b80404144e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0c5d80333f8456e10ee5bfbbf847d3d9

SHA1
1101b5b47fed90f3e991bbed0427fdc5b50d85d5

SHA256
5b14ce5ac27d6062e65b200e94cc7db66ae0afd08e25f520a61bf4f46a4b6a91

SHA512
b4a22d4e6fe7bd39b52cbb5347a7f650fa1bbb307bc158d26ebaa4db38967e254053b08e2ca83e9e5b6d87eb00bded92262a0e0cc7f2b80a636cf408c676df03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9261c29031b51fd3a7ab1b9c44961bbe

SHA1
ed74032c4efc351fe893ab08828edf64512e5b94

SHA256
a0fdcee07c2877335265e142b4565c9b0d82ab03e88c54c4b3c8c16eb2ff87a8

SHA512
6517efda46d274e8cca2ce231039ffc836fd5641022aa2c80b00c60cac27401d7600af7a7b1907ed5745ca41ae28bef7b7cefd504deb042052520a94faeb26fd

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 864821.crdownload

Filesize
2.3MB

MD5
8ad8b6593c91d7960dad476d6d4af34f

SHA1
0a95f110c8264cde7768a3fd76db5687fda830ea

SHA256
43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

SHA512
09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

Download Submit
memory/2740-362-0x00000000096F0000-0x000000000970E000-memory.dmp

Filesize
120KB

Download
memory/2740-356-0x0000000000170000-0x0000000000262000-memory.dmp

Filesize
968KB

Download
memory/2740-359-0x00000000088E0000-0x00000000089E4000-memory.dmp

Filesize
1.0MB

Download
memory/2740-360-0x0000000009610000-0x0000000009626000-memory.dmp

Filesize
88KB

Download
memory/2740-361-0x0000000009650000-0x000000000965A000-memory.dmp

Filesize
40KB

Download
memory/4164-383-0x0000000009CB0000-0x0000000009D62000-memory.dmp

Filesize
712KB

Download
memory/4164-378-0x0000000005410000-0x00000000054B0000-memory.dmp

Filesize
640KB

Download
memory/4164-377-0x0000000000280000-0x0000000000A82000-memory.dmp

Filesize
8.0MB

Download
memory/4164-389-0x000000000ACF0000-0x000000000AD12000-memory.dmp

Filesize
136KB

Download
memory/4164-390-0x000000000B630000-0x000000000B984000-memory.dmp

Filesize
3.3MB

Download
memory/4320-65-0x0000000009F10000-0x0000000009F1E000-memory.dmp

Filesize
56KB

Download
memory/4320-142-0x0000000001120000-0x000000000112A000-memory.dmp

Filesize
40KB

Download
memory/4320-141-0x0000000000D50000-0x0000000000D5A000-memory.dmp

Filesize
40KB

Download
memory/4320-358-0x00000000744A0000-0x0000000074C50000-memory.dmp

Filesize
7.7MB

Download
memory/4320-140-0x0000000001150000-0x00000000011C2000-memory.dmp

Filesize
456KB

Download
memory/4320-138-0x0000000000CF0000-0x0000000000CF8000-memory.dmp

Filesize
32KB

Download
memory/4320-137-0x0000000000D20000-0x0000000000D46000-memory.dmp

Filesize
152KB

Download
memory/4320-136-0x0000000000FB0000-0x0000000001046000-memory.dmp

Filesize
600KB

Download
memory/4320-83-0x00000000744A0000-0x0000000074C50000-memory.dmp

Filesize
7.7MB

Download
memory/4320-82-0x00000000744A0000-0x0000000074C50000-memory.dmp

Filesize
7.7MB

Download
memory/4320-81-0x00000000744AE000-0x00000000744AF000-memory.dmp

Filesize
4KB

Download
memory/4320-66-0x00000000744A0000-0x0000000074C50000-memory.dmp

Filesize
7.7MB

Download
memory/4320-64-0x0000000009F40000-0x0000000009F78000-memory.dmp

Filesize
224KB

Download
memory/4320-63-0x00000000744A0000-0x0000000074C50000-memory.dmp

Filesize
7.7MB

Download
memory/4320-62-0x0000000005430000-0x0000000005438000-memory.dmp

Filesize
32KB

Download
memory/4320-61-0x00000000052E0000-0x00000000052E8000-memory.dmp

Filesize
32KB

Download
memory/4320-60-0x00000000053B0000-0x0000000005432000-memory.dmp

Filesize
520KB

Download
memory/4320-59-0x0000000005300000-0x00000000053B2000-memory.dmp

Filesize
712KB

Download
memory/4320-58-0x00000000744A0000-0x0000000074C50000-memory.dmp

Filesize
7.7MB

Download
memory/4320-57-0x00000000005E0000-0x000000000082A000-memory.dmp

Filesize
2.3MB

Download
memory/4320-56-0x00000000744AE000-0x00000000744AF000-memory.dmp

Filesize
4KB

Download