43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

Analysis

max time kernel
157s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

2.3MB
MD5

8ad8b6593c91d7960dad476d6d4af34f
SHA1

0a95f110c8264cde7768a3fd76db5687fda830ea
SHA256

43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab
SHA512

09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686
SSDEEP

49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe

Executes dropped EXE 4 IoCs

pid	Process
2000	WaveBootstrapper.exe
3508	WaveWindows.exe
676	node.exe
3932	Bloxstrap.exe

Loads dropped DLL 2 IoCs

pid	Process
2000	WaveBootstrapper.exe
3508	WaveWindows.exe

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key opened	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\KasperskyLab	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
80	raw.githubusercontent.com
81	raw.githubusercontent.com
82	raw.githubusercontent.com
83	raw.githubusercontent.com
60	raw.githubusercontent.com
61	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674202858044141"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
3508	WaveWindows.exe
3508	WaveWindows.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	2800	WaveInstaller.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeDebugPrivilege	2000	WaveBootstrapper.exe
Token: SeDebugPrivilege	3508	WaveWindows.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2832	1996	chrome.exe	91
PID 1996 wrote to memory of 2832	1996	chrome.exe	91
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 2024	1996	chrome.exe	92
PID 1996 wrote to memory of 4948	1996	chrome.exe	93
PID 1996 wrote to memory of 4948	1996	chrome.exe	93
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94
PID 1996 wrote to memory of 2248	1996	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2800
- C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2000
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3508
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=3508
      4⤵
      Executes dropped EXE
      PID:676
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb61e1cc40,0x7ffb61e1cc4c,0x7ffb61e1cc58
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2144,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,8661642720911500840,4637223834594928753,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3560

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\52e63ca0-41a8-452f-8898-d9e11bf842f6.tmp

Filesize
8KB

MD5
071399ad1d424e8e0bc0cd6ceeb023f1

SHA1
7c9d8db7479c2e0b5e3b7cb772029f82d7191fcf

SHA256
cfdb2d392222b5cf20e480026f8cde18e9b0fc8f813f6b4941f5538dcf9d941b

SHA512
0a5927dda6768c4aca377ae89a0fd4d4d9bc70af642dfa330398ed357997aa54153d0064681e54c51c36b85996a5ae5b74d6f6020ee843106ecb88b83e0a1200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e75994b4556e348ecbc610830096f8b8

SHA1
7db52452f039571c985eecc48bc760f86a1fe092

SHA256
91d2da4ea50f651c25770f954f03ed2a95fa638fb086c7b398c2c907cd8397e8

SHA512
2ea4fc874d5386d3150093620d402dafba3ac6bf9dbdfb48407629b1e691fe29482565d88f9e042f8eef28ad35aaf772fff9f03ce15e50f41a4958358d99e43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a2b68f50970e6e5f6da0d793c5ebf02b

SHA1
d8a0da4360f7274c1918801d3bdf635feb2ebe84

SHA256
99b2d80259039b773b6691c8b76450a048f9c55d7dfb1b3b092364334e933bb3

SHA512
8203808ea649e39374ea3779cf68c52232e6c54c7d5397998bb2ce59e5695e99b999b9b55f86be3ed41c86a33d6be7dcebca559ea6105f163c2ea32a39ae1c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
48fa3afdfa10c938840c5a8362574772

SHA1
a02b16b7cd280418a0b8bbdf909a63be50e4ee69

SHA256
8f507998a4c3627fc1ee63a49f869e68f40722312ce28c6614c98bfaa940dfc7

SHA512
e11562dc97b8c32980c3b553c2f2d424813396eb67c3262fe171b0550cb3f1ce784a98383ed6be3a6485b599e5ed48ce0e181b31e20f474125620a154ee9718d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
90b7e96927fa6b4827899b2e9a005929

SHA1
ae53d2ff57c6f58a5e5005d6c5ab522f0169389c

SHA256
e7797fe6b276df8f31bf149e339cea3bd32e2a362691a995ce6d2bff4b5cee3f

SHA512
03cd20e1282fd42b2a6a10c20484f10d6027c9b56e0edbf0e9ba78cd941f0185be2cab35996756edd61470eaada155decbe6fe5a20028b03fbbe12648f711f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
memory/2000-354-0x00000000008A0000-0x0000000000992000-memory.dmp

Filesize
968KB

Download
memory/2000-357-0x0000000009020000-0x0000000009124000-memory.dmp

Filesize
1.0MB

Download
memory/2000-358-0x0000000009D40000-0x0000000009D56000-memory.dmp

Filesize
88KB

Download
memory/2000-359-0x0000000009D80000-0x0000000009D8A000-memory.dmp

Filesize
40KB

Download
memory/2000-360-0x0000000009E20000-0x0000000009E3E000-memory.dmp

Filesize
120KB

Download
memory/2800-11-0x000000007486E000-0x000000007486F000-memory.dmp

Filesize
4KB

Download
memory/2800-8-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/2800-134-0x0000000000AA0000-0x0000000000B36000-memory.dmp

Filesize
600KB

Download
memory/2800-136-0x00000000008E0000-0x00000000008E8000-memory.dmp

Filesize
32KB

Download
memory/2800-135-0x0000000000B40000-0x0000000000B66000-memory.dmp

Filesize
152KB

Download
memory/2800-138-0x000000000B5C0000-0x000000000B632000-memory.dmp

Filesize
456KB

Download
memory/2800-139-0x0000000000B70000-0x0000000000B7A000-memory.dmp

Filesize
40KB

Download
memory/2800-140-0x0000000000B80000-0x0000000000B8A000-memory.dmp

Filesize
40KB

Download
memory/2800-12-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/2800-0-0x000000007486E000-0x000000007486F000-memory.dmp

Filesize
4KB

Download
memory/2800-356-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/2800-9-0x0000000009A80000-0x0000000009AB8000-memory.dmp

Filesize
224KB

Download
memory/2800-10-0x0000000009A40000-0x0000000009A4E000-memory.dmp

Filesize
56KB

Download
memory/2800-13-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/2800-7-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/2800-6-0x0000000004F50000-0x0000000004F58000-memory.dmp

Filesize
32KB

Download
memory/2800-5-0x0000000004F40000-0x0000000004F48000-memory.dmp

Filesize
32KB

Download
memory/2800-1-0x0000000000100000-0x000000000034A000-memory.dmp

Filesize
2.3MB

Download
memory/2800-2-0x0000000074860000-0x0000000075010000-memory.dmp

Filesize
7.7MB

Download
memory/2800-4-0x0000000004EC0000-0x0000000004F42000-memory.dmp

Filesize
520KB

Download
memory/2800-3-0x0000000004E10000-0x0000000004EC2000-memory.dmp

Filesize
712KB

Download
memory/3508-378-0x000000000B580000-0x000000000B5A2000-memory.dmp

Filesize
136KB

Download
memory/3508-379-0x000000000B5B0000-0x000000000B904000-memory.dmp

Filesize
3.3MB

Download
memory/3508-372-0x0000000009E30000-0x0000000009EE2000-memory.dmp

Filesize
712KB

Download
memory/3508-367-0x0000000005680000-0x0000000005720000-memory.dmp

Filesize
640KB

Download
memory/3508-366-0x00000000003E0000-0x0000000000BE2000-memory.dmp

Filesize
8.0MB

Download
memory/3508-393-0x0000000005BE0000-0x0000000005C18000-memory.dmp

Filesize
224KB

Download