67b2342195e5b22fb7b9c5375e45a9f710479be94e3789e624c0fd00e6a3aba8

Analysis

max time kernel
300s
max time network
303s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07/08/2024, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.jpg
Size

4KB
MD5

9a613d94d2a243f147924a14d6869ab2
SHA1

252695d8c317656faa2c78a6dedf04a6187c7d51
SHA256

67b2342195e5b22fb7b9c5375e45a9f710479be94e3789e624c0fd00e6a3aba8
SHA512

9229f0f20caa786cd66ba661dc71c14d1a04cc270aa2207c748ebf56ec2edc55c5a5064632618f5c752316585271e114f6b2f738979f982d583a712ec6a5429b
SSDEEP

96:Z8Chd7pHYoixJu9RPQrowqZ7zgdADF4ffHvX9CbDec+:ZxGL+zPQpqZmAD+HPKKr

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
1596	Wave Browser.exe
4084	SWUpdaterSetup.exe
1036	SWUpdater.exe
4996	SWUpdater.exe
4472	SWUpdaterComRegisterShell64.exe
2388	SWUpdaterComRegisterShell64.exe
960	SWUpdaterComRegisterShell64.exe
2956	SWUpdater.exe
3120	SWUpdater.exe
2256	SWUpdater.exe
2584	WaveInstaller-v1.5.18.2.exe
716	setup.exe
4208	setup.exe
1144	setup.exe
5112	setup.exe
696	wavebrowser.exe
3916	wavebrowser.exe
2192	wavebrowser.exe
4816	wavebrowser.exe
4712	wavebrowser.exe
5176	wavebrowser.exe
1232	wavebrowser.exe
5912	SWUpdater.exe
5940	wavebrowser.exe
2568	wavebrowser.exe
5160	wavebrowser.exe
5312	wavebrowser.exe
5324	wavebrowser.exe
5472	wavebrowser.exe
5532	wavebrowser.exe
5536	wavebrowser.exe
5432	wavebrowser.exe
5448	wavebrowser.exe
5412	wavebrowser.exe
5132	wavebrowser.exe
5308	wavebrowser.exe
5856	wavebrowser.exe
5816	wavebrowser.exe
416	wavebrowser.exe
4592	wavebrowser.exe
4260	wavebrowser.exe
6132	wavebrowser.exe
5912	wavebrowser.exe
5660	wavebrowser.exe
5800	wavebrowser.exe
5160	wavebrowser.exe
5640	wavebrowser.exe
5136	wavebrowser.exe
5792	wavebrowser.exe
5132	wavebrowser.exe
5896	wavebrowser.exe
5856	wavebrowser.exe
5888	wavebrowser.exe
5828	wavebrowser.exe
1604	wavebrowser.exe
6656	wavebrowser.exe
6668	wavebrowser.exe
6804	wavebrowser.exe
6816	wavebrowser.exe
6884	wavebrowser.exe
6916	wavebrowser.exe
6928	wavebrowser.exe
6988	wavebrowser.exe
7120	wavebrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
1036	SWUpdater.exe
4996	SWUpdater.exe
4472	SWUpdaterComRegisterShell64.exe
4996	SWUpdater.exe
2388	SWUpdaterComRegisterShell64.exe
4996	SWUpdater.exe
960	SWUpdaterComRegisterShell64.exe
4996	SWUpdater.exe
2956	SWUpdater.exe
3120	SWUpdater.exe
2256	SWUpdater.exe
2256	SWUpdater.exe
3120	SWUpdater.exe
696	wavebrowser.exe
3916	wavebrowser.exe
696	wavebrowser.exe
2192	wavebrowser.exe
4816	wavebrowser.exe
2192	wavebrowser.exe
4816	wavebrowser.exe
2192	wavebrowser.exe
2192	wavebrowser.exe
2192	wavebrowser.exe
4712	wavebrowser.exe
2192	wavebrowser.exe
2192	wavebrowser.exe
2192	wavebrowser.exe
1232	wavebrowser.exe
4712	wavebrowser.exe
5176	wavebrowser.exe
1232	wavebrowser.exe
5176	wavebrowser.exe
5912	SWUpdater.exe
5940	wavebrowser.exe
5940	wavebrowser.exe
2568	wavebrowser.exe
2568	wavebrowser.exe
5160	wavebrowser.exe
5308	wavebrowser.exe
5160	wavebrowser.exe
5308	wavebrowser.exe
5324	wavebrowser.exe
5472	wavebrowser.exe
5532	wavebrowser.exe
5324	wavebrowser.exe
5472	wavebrowser.exe
5536	wavebrowser.exe
5532	wavebrowser.exe
5432	wavebrowser.exe
5412	wavebrowser.exe
5132	wavebrowser.exe
5132	wavebrowser.exe
5412	wavebrowser.exe
5816	wavebrowser.exe
5856	wavebrowser.exe
5816	wavebrowser.exe
5856	wavebrowser.exe
5312	wavebrowser.exe
5312	wavebrowser.exe
5536	wavebrowser.exe
5448	wavebrowser.exe
5432	wavebrowser.exe
416	wavebrowser.exe
416	wavebrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterCore.exe\""	SWUpdater.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 6 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	wavebrowser.exe

Drops file in Program Files directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Wavesor\Temp\GUT2E03.tmp	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\psuser.dll	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\psuser_64.dll	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdaterCore.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\swupdater.dll	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdaterComRegisterShell64.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\swupdaterres_en.dll	SWUpdaterSetup.exe
File opened for modification	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdaterSetup.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdater.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdaterBroker.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\psmachine.dll	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdaterOnDemand.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\psmachine_64.dll	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdaterSetup.exe	SWUpdaterSetup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	wavebrowser.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Wave Browser.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdaterSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller-v1.5.18.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2956	SWUpdater.exe
5912	SWUpdater.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	wavebrowser.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wavebrowser.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675307762322799"	wavebrowser.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437}\ = "ICurrentState"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{92333BDA-3022-4A7F-8858-081260EA85DE}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\LocalServer32\ = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\SWUpdaterOnDemand.exe\""	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ThreadingModel = "Both"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\ = "IJobObserver"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\潬灯se񳩨咧耀\ = "apk_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\CLSID\{2B2AD342-8BBC-40AD-AF1B-6887EAB9D3D0}\InprocHandler32\ThreadingModel = "Both"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{730EBDF4-7AD2-4516-BF1A-6C6F28C60CF9}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437}	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{62A51DF2-CCB8-4DD9-9069-34B8461617FC}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\apk_auto_file\shell\Read\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}\NumMethods\ = "10"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}\NumMethods\ = "10"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}\NumMethods\ = "10"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}\NumMethods\ = "9"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\ = "IAppVersion"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{068FAC78-4F23-4F74-99A0-F7C4797D5ECA}\NumMethods\ = "41"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\NumMethods\ = "24"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\ = "IJobObserver"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WavesorSWUpdater.Update3WebUser\CurVer\ = "WavesorSWUpdater.Update3WebUser.1.0"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}\VersionIndependentProgID	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{068FAC78-4F23-4F74-99A0-F7C4797D5ECA}\ = "IApp"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WaveBrwsHTM.5TNDGAWJGEPBWGISK3TI7N5OY4\AppUserModelId = "WaveBrowser.5TNDGAWJGEPBWGISK3TI7N5OY4"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{62A51DF2-CCB8-4DD9-9069-34B8461617FC}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{62A51DF2-CCB8-4DD9-9069-34B8461617FC}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\wavebrowser\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}\NumMethods\ = "10"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.133.0\\psuser_64.dll"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{894ADE70-1E5F-4520-A281-CE3BF0309CE6}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437}\ = "ICurrentState"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\.xhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\NumMethods	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\WOW6432Node\Interface\{730EBDF4-7AD2-4516-BF1A-6C6F28C60CF9}\NumMethods	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}	SWUpdaterComRegisterShell64.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fluxus-2.635.590_fluxus.mobi.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 815039.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cc2aad-noclip.zip:Zone.Identifier	wavebrowser.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 246248.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Wave Browser.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
2184	msedge.exe
2184	msedge.exe
4164	msedge.exe
4164	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
1056	msedge.exe
1056	msedge.exe
228	msedge.exe
228	msedge.exe
2388	msedge.exe
2388	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
1036	SWUpdater.exe
1036	SWUpdater.exe
716	setup.exe
716	setup.exe
716	setup.exe
716	setup.exe
716	setup.exe
716	setup.exe
1036	SWUpdater.exe
1036	SWUpdater.exe
1036	SWUpdater.exe
1036	SWUpdater.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1252	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4200	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4200	AUDIODG.EXE
Token: SeDebugPrivilege	1596	Wave Browser.exe
Token: SeDebugPrivilege	1036	SWUpdater.exe
Token: SeDebugPrivilege	1036	SWUpdater.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe
Token: SeCreatePagefilePrivilege	696	wavebrowser.exe
Token: SeShutdownPrivilege	696	wavebrowser.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe
696	wavebrowser.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
1252	OpenWith.exe
4868	AcroRd32.exe
4868	AcroRd32.exe
4868	AcroRd32.exe
4868	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 4672	3484	msedge.exe	87
PID 3484 wrote to memory of 4672	3484	msedge.exe	87
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 1348	3484	msedge.exe	88
PID 3484 wrote to memory of 2184	3484	msedge.exe	89
PID 3484 wrote to memory of 2184	3484	msedge.exe	89
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90
PID 3484 wrote to memory of 4352	3484	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.jpg
1⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff03853cb8,0x7fff03853cc8,0x7fff03853cd8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7100 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7240 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1096 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,13290276326217265447,7186336178833406939,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  PID:1080
- C:\Users\Admin\Downloads\Wave Browser.exe
  "C:\Users\Admin\Downloads\Wave Browser.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:4084
  - - C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdater.exe
      "C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Checks whether UAC is enabled
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1036
    - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4996
      - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4472
      - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2388
      - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:960
    - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InsyQkQ3OEE1OC04NjI4LTQ0NjItQjU2Mi03N0FCNTQ2NzA3MkJ9IiB1c2VyaWQ9Ins5YzVmNzBiYy00NDM5LTQ3OTYtYmYxNy04M2VmMjBjNWYwZDh9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezg5N0VFODBFLUU0MkQtNDFCNC05N0VDLUNEODI1MUVCOTRGNH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntGNkY2MEFDRS03MUFELTQ2MTAtODBENC05MjUzNzI5RkI0Qjd9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTMzLjAiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzciLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2956
    - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{2BD78A58-8628-4462-B562-77AB5467072B}"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        
        PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1252
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Fluxus-2.635.590_fluxus.mobi.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4868
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3112
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8EF2D88167AA1B6F0B170AB9C1FEE99D --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2608
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9A4A4AA9ECDB1704687B2826A568A560 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9A4A4AA9ECDB1704687B2826A568A560 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4400
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7A2AF97936589E3CBBF880C827037114 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4356
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4252B2A00D87EE97AA5A936448E00A5 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3384
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B441F593257A4CBFE953858994BB17FA --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
PID:2256
- C:\Users\Admin\Wavesor Software\SWUpdater\Install\{819E0D03-8719-45E6-8EA9-3758AD42EF71}\WaveInstaller-v1.5.18.2.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\Install\{819E0D03-8719-45E6-8EA9-3758AD42EF71}\WaveInstaller-v1.5.18.2.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\gui70C7.tmp"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\wavebrowser.packed.7z" --wid=qj5qes18 --installerdata="C:\Users\Admin\AppData\Local\Temp\gui70C7.tmp"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:716
  - - C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7d1ba12d0,0x7ff7d1ba12dc,0x7ff7d1ba12e8
      4⤵
      Executes dropped EXE
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\gui70C7.tmp" --create-shortcuts=0 --install-level=0
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\nsb7424.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7d1ba12d0,0x7ff7d1ba12dc,0x7ff7d1ba12e8
        5⤵
        Executes dropped EXE
        
        PID:5112
  - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
      "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --install-type=1 --from-installer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SendNotifyMessage
      PID:696
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0xa8,0x11c,0x120,0xf8,0x124,0x7ffefb99ccf0,0x7ffefb99ccfc,0x7ffefb99cd08
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3916
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=1836 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2192
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=2080,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2132 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4816
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2324 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4712
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2824,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2924 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2568
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2832,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2948 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1232
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3740,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3752 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5176
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4436 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5940
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4440,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4476 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5132
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4092,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4468 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5160
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4652,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4796 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5308
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4620,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4632 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5312
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4676,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4940 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5324
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4672,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5056 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5472
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4688,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5532
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4692,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5536
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4700,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5408 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5432
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4708,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5524 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5448
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4716,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5736 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5412
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6248,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6236 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5856
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6276,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6408 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5816
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6580,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6600 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:416
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6424,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6504 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:4592
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6412,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6856 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:4260
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3756,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7324 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6132
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3752,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7024 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5912
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6996,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7504 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:1604
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7092,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6420 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5660
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7096,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7776 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5800
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7120,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7916 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5160
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7128,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8060 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5640
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7072,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8204 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5136
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7156,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8352 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5792
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7036,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8492 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5132
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7184,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8644 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5896
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6204,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8784 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5856
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7216,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8808 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5888
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6272,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9064 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5828
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6188,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6328 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6656
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7172,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6088 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6668
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6224,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9232 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6804
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3920,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9376 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6816
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7076,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9512 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6884
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3916,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9644 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6916
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8784,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9788 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6928
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9812,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9944 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6988
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9632,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9536 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:7120
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9932,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10220 /prefetch:8
        5⤵
        
        PID:5364
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8812,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10372 /prefetch:8
        5⤵
        
        PID:5744
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10508,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10524 /prefetch:8
        5⤵
        
        PID:5860
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10360,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10668 /prefetch:8
        5⤵
        
        PID:1632
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10804,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10812 /prefetch:8
        5⤵
        
        PID:6280
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10808,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10988 /prefetch:8
        5⤵
        
        PID:5964
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10208,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11108 /prefetch:8
        5⤵
        
        PID:6516
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10952,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11292 /prefetch:8
        5⤵
        
        PID:6552
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11272,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11428 /prefetch:8
        5⤵
        
        PID:6772
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10956,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11576 /prefetch:8
        5⤵
        
        PID:5656
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10960,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11472 /prefetch:8
        5⤵
        
        PID:6160
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11276,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10976 /prefetch:8
        5⤵
        
        PID:5664
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11996,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12016 /prefetch:8
        5⤵
        
        PID:6528
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12164 /prefetch:8
        5⤵
        
        PID:6672
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11852,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12312 /prefetch:8
        5⤵
        
        PID:6760
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12004,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12596 /prefetch:8
        5⤵
        
        PID:6412
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12768,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12756 /prefetch:8
        5⤵
        
        PID:7192
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7916,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8948 /prefetch:2
        5⤵
        
        PID:8028
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9040,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7640 /prefetch:2
        5⤵
        
        PID:8172
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7668,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7672 /prefetch:8
        5⤵
        
        PID:7640
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7688,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8820 /prefetch:8
        5⤵
        
        PID:7664
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7960,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7948 /prefetch:8
        5⤵
        
        PID:7868
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8044,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13128 /prefetch:8
        5⤵
        
        PID:8148
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5644,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13272 /prefetch:8
        5⤵
        
        PID:6904
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=13416,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13264 /prefetch:8
        5⤵
        
        PID:7260
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7920,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13580 /prefetch:8
        5⤵
        
        PID:7176
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=13124,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13720 /prefetch:8
        5⤵
        
        PID:6744
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=13764,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13880 /prefetch:8
        5⤵
        
        PID:7332
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=13716,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14028 /prefetch:8
        5⤵
        
        PID:7904
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12488,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12480 /prefetch:8
        5⤵
        
        PID:6372
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12932,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8060 /prefetch:8
        5⤵
        
        PID:6940
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8088,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7400 /prefetch:8
        5⤵
        
        PID:7652
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12492,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13568 /prefetch:8
        5⤵
        
        PID:7932
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9108,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14300 /prefetch:8
        5⤵
        
        PID:7220
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=14292,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14440 /prefetch:8
        5⤵
        
        PID:7128
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8172,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13900 /prefetch:8
        5⤵
        
        PID:8088
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8160,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8608 /prefetch:8
        5⤵
        
        PID:7456
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7780,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8488 /prefetch:8
        5⤵
        
        PID:7316
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12964,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13588 /prefetch:8
        5⤵
        
        PID:7144
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=8136,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14072 /prefetch:1
        5⤵
        
        PID:7184
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=8096,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8128 /prefetch:2
        5⤵
        
        PID:7124
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=14492,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8292 /prefetch:1
        5⤵
        
        PID:7080
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=14500,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9532 /prefetch:2
        5⤵
        
        PID:6980
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=14556,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14808 /prefetch:2
        5⤵
        
        PID:7372
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=14988,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14972 /prefetch:1
        5⤵
        
        PID:7052
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=14664,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15136 /prefetch:2
        5⤵
        
        PID:6660
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=14680,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15300 /prefetch:8
        5⤵
        
        PID:6720
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=14536,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15480 /prefetch:2
        5⤵
        
        PID:7296
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=14696,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15612 /prefetch:2
        5⤵
        
        PID:2052
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=15648,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15832 /prefetch:1
        5⤵
        
        PID:6736
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15172,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16036 /prefetch:8
        5⤵
        
        PID:8092
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=15332,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8236 /prefetch:2
        5⤵
        
        PID:7732
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=10092,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10088 /prefetch:2
        5⤵
        
        PID:7828
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=10188,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16236 /prefetch:1
        5⤵
        
        PID:7584
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=16376,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16164 /prefetch:2
        5⤵
        
        PID:7688
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=16452,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16428 /prefetch:1
        5⤵
        
        PID:7716
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=17004,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16964 /prefetch:2
        5⤵
        
        PID:7792
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=17124,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16200 /prefetch:2
        5⤵
        
        PID:6940
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=16028,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16796 /prefetch:1
        5⤵
        
        PID:6904
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8884,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13096 /prefetch:8
        5⤵
        
        PID:7944
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11004,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15640 /prefetch:8
        5⤵
        
        PID:6684
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11116,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=17160 /prefetch:8
        5⤵
        
        PID:8108
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=17000,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15416 /prefetch:8
        5⤵
        
        PID:8140
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8880,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16032 /prefetch:8
        5⤵
        
        PID:5836
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=17152,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16800 /prefetch:8
        5⤵
        
        PID:3032
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=16988,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10852 /prefetch:8
        5⤵
        
        PID:6724
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=14552,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14572 /prefetch:2
        5⤵
        
        PID:7644
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=16768,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14580 /prefetch:8
        5⤵
        
        PID:5932
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15116,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15104 /prefetch:8
        5⤵
        
        PID:7544
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5664,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14856 /prefetch:8
        5⤵
        
        PID:8012
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=14864,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15084 /prefetch:8
        5⤵
        
        PID:7328
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --field-trial-handle=5756,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14804 /prefetch:1
        5⤵
        
        PID:6256
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7164,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12972 /prefetch:8
        5⤵
        
        PID:7760
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10396,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12984 /prefetch:8
        5⤵
        
        PID:6276
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --field-trial-handle=13004,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10448 /prefetch:1
        5⤵
        
        PID:5932
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --field-trial-handle=15496,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15596 /prefetch:1
        5⤵
        
        PID:5448
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --field-trial-handle=12912,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=17288 /prefetch:1
        5⤵
        
        PID:7304
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --field-trial-handle=15600,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12588 /prefetch:1
        5⤵
        
        PID:7428
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --field-trial-handle=14340,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14344 /prefetch:1
        5⤵
        
        PID:6564
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --field-trial-handle=14364,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9348 /prefetch:1
        5⤵
        
        PID:7552
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --field-trial-handle=14408,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9280 /prefetch:1
        5⤵
        
        PID:7192
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --field-trial-handle=14304,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11292 /prefetch:1
        5⤵
        
        PID:7484
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --field-trial-handle=8664,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11864 /prefetch:1
        5⤵
        
        PID:7376
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --field-trial-handle=14960,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14888 /prefetch:1
        5⤵
        
        PID:1248
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --field-trial-handle=11112,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10868 /prefetch:1
        5⤵
        
        PID:6272
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --field-trial-handle=16932,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15388 /prefetch:1
        5⤵
        
        PID:7120
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --field-trial-handle=5652,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8612 /prefetch:1
        5⤵
        
        PID:1268
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --field-trial-handle=12500,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12484 /prefetch:1
        5⤵
        
        PID:5740
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --field-trial-handle=6352,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15040 /prefetch:1
        5⤵
        
        PID:5296
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --field-trial-handle=15492,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10848 /prefetch:1
        5⤵
        
        PID:7920
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --field-trial-handle=16040,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=17392 /prefetch:1
        5⤵
        
        PID:1520
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --field-trial-handle=12564,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15608 /prefetch:1
        5⤵
        
        PID:6232
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --field-trial-handle=7660,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15388 /prefetch:1
        5⤵
        
        PID:6520
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --field-trial-handle=8712,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8708 /prefetch:1
        5⤵
        
        PID:6332
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --field-trial-handle=13560,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16916 /prefetch:1
        5⤵
        
        PID:3532
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --field-trial-handle=11592,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8744 /prefetch:1
        5⤵
        
        PID:6372
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --field-trial-handle=14380,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14080 /prefetch:1
        5⤵
        
        PID:7528
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --field-trial-handle=13572,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11452 /prefetch:1
        5⤵
        
        PID:7144
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --field-trial-handle=13752,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14904 /prefetch:1
        5⤵
        
        PID:6524
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --field-trial-handle=12392,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8536 /prefetch:1
        5⤵
        
        PID:3956
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --field-trial-handle=11088,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11608 /prefetch:1
        5⤵
        
        PID:9116
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11076,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7984 /prefetch:8
        5⤵
        
        PID:9140
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=14916,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15484 /prefetch:8
        5⤵
        NTFS ADS
        
        PID:8436
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --field-trial-handle=12780,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14324 /prefetch:1
        5⤵
        
        PID:8544
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --field-trial-handle=15368,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9316 /prefetch:1
        5⤵
        
        PID:8620
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --field-trial-handle=10996,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10836 /prefetch:1
        5⤵
        
        PID:8600
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --field-trial-handle=11072,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13964 /prefetch:1
        5⤵
        
        PID:8740
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --field-trial-handle=12820,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11120 /prefetch:1
        5⤵
        
        PID:8812
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --field-trial-handle=14912,i,14456788814372568040,11328866291129024536,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13368 /prefetch:1
        5⤵
        
        PID:9016
- C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InsyQkQ3OEE1OC04NjI4LTQ0NjItQjU2Mi03N0FCNTQ2NzA3MkJ9IiB1c2VyaWQ9Ins5YzVmNzBiYy00NDM5LTQ3OTYtYmYxNy04M2VmMjBjNWYwZDh9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezk0NUVFOTAxLTkzNUEtNDk0Ni04REQ0LTk3RDUzRjZDNUUxQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntFQjE0OUFEMi1DRTRFLTRGNTEtQjdGQy1BMTQ5RkFBNENDQUZ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjUuMTguMiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly9jZG4uc3d1cGRhdGVyLmNvbS9idWlsZC9XYXZlQnJvd3Nlci9zdGFibGUvd2luLzExMjA5ODc2NDM5MDYvNjQvV2F2ZUluc3RhbGxlci12MS41LjE4LjIuZXhlIiBkb3dubG9hZGVkPSIxMDY4MTEwODAiIHRvdGFsPSIxMDY4MTEwODAiIGRvd25sb2FkX3RpbWVfbXM9IjkyODMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI1MTkiIGRvd25sb2FkX3RpbWVfbXM9IjEwMDM5IiBkb3dubG9hZGVkPSIxMDY4MTEwODAiIHRvdGFsPSIxMDY4MTEwODAiIGluc3RhbGxfdGltZV9tcz0iMTEzNTUiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\SWUpdater.exe

Filesize
108KB

MD5
57428456c6e6c2ea328c864681db5df3

SHA1
2dc7329e0b346c435b6ea5cf44a3d0a076f8d398

SHA256
ee87747102eba8844939352740d0bb6c4a67f10c2656961cb2722cd42ba99f40

SHA512
40fb34fce07f094fdaf78c499a21c3f534f0c8ae1246b6cf382ea7e63fa08b4de56e6c81eb8fadce8a2e508ae5d03831590a06ffda3d46026fb894e4997f31b0

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUM2E02.tmp\swupdater.dll

Filesize
1.0MB

MD5
d388d67a1861f9d0cc4f6edfa97861b4

SHA1
ca82fdb6ff39fe0b157100d1c8eec48b73c34791

SHA256
b21f99f14b4ccc78c5e01c269a8eba83ae0c5912b46d8c1554f329a1076a7617

SHA512
71879d3dd7b1b0b169e3c80fd88ff6f656778af85462363202c4f28ae57b547ee569e5b43f55d0446cfbed736c32fa249ba91a5c34e8d9363295be86b1d5a3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
dcf42fc7c8989829cd90daaf7653dc14

SHA1
6b2ebe2e31a9dfc8b7656c5e903a61fa743c96a7

SHA256
1663e89cb579b26a30271c29e9342bacd80783ce1239361a24f79d24de271969

SHA512
36c791d5f5e5af50e413d000d4caf8b6dd515bb6fba96c6c8c8c3eda54c08bacb940bdb9b9a6b1f205cf144cc894d71ca25b011af899a7244e645427af97f8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
09ac9c9a95dde9d928585489b55a7a53

SHA1
a0930234469184cebbc08e399bc4d7ad9003b2a0

SHA256
a2b2e70072c91efc39fce757a94ccb51cb7de56c2e2accc7501947ef0509a612

SHA512
0b6d68f9b28439a56bd0fdbd391f8107023117e985a7087dee483e7dcb998897db2e7ec4cdbd551f6546ec648c2c1b8a4345562f9640bcad14fbedaf2730551a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
10.8MB

MD5
27ab99c1dc4c14ef32fe87e9f6005827

SHA1
2303aca2a302aa9675ea5ee4d641f06321403e05

SHA256
38611eeed3ac2e4864355be75a0970aafd5f81cdb6c3a02110b5ff615613f211

SHA512
9b7158ede4850496f8a9c529c7837912186b88daaec876c302bd62fe143ad7060aa4686a98bc9cade0585ff04d12e2a859efc29b1bac8dd0747f0dad4ca0b92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
62KB

MD5
0800f316866f3b20e5443bf0b6c133a2

SHA1
0c26d720ec1078b683068d5586b3a204ec118bba

SHA256
8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e

SHA512
84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ed5550694a3d108ea0b6afa433bd45eb

SHA1
a1085fcef91233a23c990dea9324508776e14401

SHA256
216e6fa792bdcf4c93b2339b3309513ff5f9e0f4fb933165690c7921a5ded215

SHA512
2df0ed4f1b763b5ce1dbbeb236cce5ce856328e1bec58aea343148bea024e1ef6346eed3838ec54701ec69cddc50201765df25bc005f1f7d616d0b618fab7b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ae3821747d13cdf6daa63ad11c952924

SHA1
91577231247945b405f6fff168288abbea175f4d

SHA256
99317a9beb83ec048034eee7d1c741f4805385e73a0bd460553eca8f40af8f0b

SHA512
1a41570defc1c7a20043d93277bc022cca264f2f2829de1cd2d27dd2ba5476b6034053ada2c0a3ecfd9e0cb19f9d672f2c21a0db4a952b8c9ad48da8ab5fe5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a195e72aed711150f96359992552e16a

SHA1
b66414e37addcd1ede81704d6bac0cbc039aad1c

SHA256
02aa3725883c8c9505ccd95dc983b8387efbce9a468bf393bdff242532985d5d

SHA512
4795c86e95e59751153fec17b6dc414ae2dbb2cae79a0867ceb78c53a5d5d4ad8d442a3a49ff6d21dd6b81d9c0223719a662042951fe884c2a62aab3d0e3e68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a5048fbcad0419a07a61a6b9c2563fbf

SHA1
7103aeb01d942afb6d17c3ff6a0c0d0d310964cf

SHA256
edd5665ee65a5df3244da602df58add28b40634b50caa08e13ab9c1112f2ba87

SHA512
004583de7ff423e1701683c5fe749a0833229e44c5fb3f72cb6f1810f7881668772f9d18970c9d4e9c190fa2b42ac4dfe3666ac0ac11184d60503f527f0a24b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
fa62792e61988b7cc1ed2b265a7df83f

SHA1
1179c62fdc587c63e133ef0ea48a03831cf18e20

SHA256
73143127679ce97db81f245a305b62c6869b508d4289e725cc92d615ce522222

SHA512
ff3044afbd4d5d79818ea51f35448e7f2c0945949f0cdaee484d7092ba876d27125fe2cbf2bf5a0bbf6d9a0efec6554f9923463166bda11da882a63999143923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9b9d8e0cc4fd3407b2b2df174c32c939

SHA1
5de5a696ae1d460c47b0b843149bbc4630f795cb

SHA256
7b6d5c18aedfbbaf93b11288263d903ad5de7a5f071f4958aa06bbdb4175aa32

SHA512
ed376dcea305577e4324100d81dc3f2943e577567a6915b35c7f6e9a65bf25b239e95988e6f18478b844e9fc14b053b507dbb85cf3838ab988673763dadf63e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6d79bf0928499ad839c0295efe20664a

SHA1
731da02f3cf3de6cca46978edcc9dae923b9b9b9

SHA256
6f0a854519e3ad00be9defc496aae0067fad7e6df5c95144c2c90d4457d765da

SHA512
470de84934887144ce6255da9e227be360b625381d916c20c98e38ad49a5b49b6024774c59ceebcf55bb0951fa3b752f7c5e105c52d36c598ce5e98268606f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
ccd9cc92070d21c619f11244ec083508

SHA1
277cee55454f361d8b9f715d2ed85eb5c50285b3

SHA256
ca2f1a0d57dcd8ba32a25480714a2bd7ca2fcfd807f63b7d7e99b54d2ff4d8d5

SHA512
818bc25e455207dde0c7b9152f7010c6e8551e86022e363fe038d25aff94932d9ae24dfc74bb26f9dfb45486bdc1dcacc935ab9acc5a84fc3a7df2cd6e051d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e22991c15e269662def2606531fad64f

SHA1
c91933cab3da18bb6b42a67f48ef61d7e56e01eb

SHA256
fcf740e0bd7139c4c025caebfb1cbc4f44abed8213ea074185dd02bd3ca3f93b

SHA512
5d3cd1541465cb0317e09554a37ed22fbf484129b6d09ea67b3a161a7b8aeee21fac41cb97f802792f2a7576354327f57260346b0a23146682ce42d72c21270b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4adff9f6d5c1311675a4a3417800548

SHA1
91499c217371adc7e120ee4a393d8ce3d5691ab7

SHA256
55a423f54f2802dfbe9f2e89325f3a48cd326e0675197c58f4a7c50c7a872efb

SHA512
a6418a640e8a45a4cdf3f2843c36e17041b04ecc4a07fc7ec764522a97f85f813df196cab4aec1fbaa4e7bb62f49136d1453e950cfcb2a70d4330bf1e87fccf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f48f05384f928136b95fd26e3adf29e

SHA1
6d0111dc4bc340574cddddf6e1f77d833dd35559

SHA256
c68120cd33f0b2003f97f56b51c0cdb527db8a4a06fa277c260136cfd49e326d

SHA512
97a5eb4fcc156bbebd04c0634696bb86e48559ef95e5cb6a732b0df4ae05fd6d5caa753b14288eefd585760b7952eecaac2df00bcccb62bdd700f95610d88557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3282e1a347968a6eec18d410819f422

SHA1
2b63195cf054ec40df58257c90793503c6e632ff

SHA256
39d6556188daf03adbdc71be407f7fbdf4943ac7b040b2e6fe5154e876e10dff

SHA512
4a665355bdeff42adeee9b129e25d8cb0949fbd93ebd9cae887782b4886f5a049046ee631530795746cc4da94eff08b03ed312e60fa4e437a28743d725b86c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2fa084f6a1642a58d4a51d0e96b55199

SHA1
66418fc127fab44500307a323a4703263e68c929

SHA256
e6380b1f4b5029a174441e92df56e1f87ba7ff9b2e55781ae94a831341691d5c

SHA512
db278f985099c4a11da3e16ea8903608cf6529a4e8e0dcc0c6f307f6ca9438bd2c6d8799c1362e79a4b70116964a77d890969c3d4fdaa6381227eba5e7568e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d8edc9dce8651bfa147d56c1e0a7ec95

SHA1
4e07e5a3033bbfc083ae17be0c2aa682628d8fd5

SHA256
63089f0f04294603443c0d74ea39eab10557ea55936250f0b2ae697e01dca38a

SHA512
4cf0058eed1a5a605f64711b794f9cd62499c34d9c0a02da54be1d95d13f65b0e33a303ff003ebb21a9a7b2732c033c71216441a543c0f991557b1ac1961a14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ba7f886bdef46e4d6c9af07cf25cd9b

SHA1
8d0cb06b38f81dc71db0a2534dc0fcb4833db579

SHA256
7fa311b4b8703da055964c7012b16b3c0ce141bbf5d48c1ddef2634ab05a75e7

SHA512
f04e518ab36479b8e0db6d20c8db34b3cf53edaaf49fd36384e3a4eb68b28f2b2372ca37c45fda074f2591bdfac3d895a59a23304f246e11378f02a686433533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b3a243a83364dd0dd211502d8b493814

SHA1
362248cb52123729dad3a039a54120f07d6a109b

SHA256
2213fc54d5802b597040950128544e4c4ebf7ea63111d9d30f75cac7262ffa96

SHA512
c8528d72809edd52323733dad9e0b7b6e34ef6f0677f76fc090d493c893c3805ffa92da8dba71f2b1460160729b8c2534abcba2bb5611384eb6de3e81849f847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c1ba5b064e34d4c7b08e77b352b70b2f

SHA1
95414b08e6ea7b99e804cc4e417d9100bf026f09

SHA256
d7efddc09dbab90d162767a5b5fc538a786b55e579a71e3dff8fa757fe2f3b37

SHA512
38e071c83aa6a2eda0c7959ac6f80071944c153e2bf39e3fc0cc8e6e1f94334f16000f344a8871a4e134b00e45cd33a332819aae069734f4666df4405dcde725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acb67078de5c8ac5b301d24e8b4a92b8

SHA1
cf01425fa5c0f2590e755fffb9b89d5e85e36d8e

SHA256
76d95b7af63bd9f542a055bfdebbe2e981c3d6af352576efdb0d243fb13b0879

SHA512
b01210c2139342b2257979b45d3ef04b4a3186fb231eaf898fdc5bf16f7716f395312fab0fc5b2936a05df9549605d11ed0c74bcd4b71d87621bd330b7c783e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e3332bc92f4a3efd7ef33c0d03022b65

SHA1
6764cde8bcded7b0d8549ac89f42b0ba841f8a6e

SHA256
c5a5f215c459109578ec444dcadf5b4af71d5166e33a00cc756bcd49dcab3cca

SHA512
5885535a7128451326d560c6c7bb44cc9aafbaa3cdc21468224965477db29dae648460729f0acc5581b6a9d7d6539337ae6a88b776327356b122adae47ba71e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
85934715bd17e231a00857acf0d60cb2

SHA1
14cac287f2c50c5781402f54903639baa03261bd

SHA256
46646ddbf53a26fa9ff6a965296b83501abc29234fba517dff7d93bb43769135

SHA512
5b83998ac712e429c455ae8722a64a9c774c699991fdce7880892ad9c2abfc29dc2a076b2de887196a4079d20246080c1ad60fd3c00797e00f3e872bf420df1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58fa00c90cb84f5ebcf322a536522c03

SHA1
6a6c9ca8d04f115ebcaec44cee51a592fbb35ebb

SHA256
607e19b4a864b2a9f7d3cca00e75341bf61a7532ad6baef2b46eb32dbdc76a6c

SHA512
8211e118ab9eb8ad5caa5503aa27c3f47d594a3355e655a3dbf3ae95e2306ac7d66f9a8ee56263d685dd7f073247815fd4ddc50cf693bc6d34aac906b9c9b44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3352bb4a5de082a99e0a1e8fd5b56044

SHA1
ad5f7ea9ca97e2a8b7de8730f4e80f88505458d4

SHA256
e81a736756ec4ed74fee5e7c5bc5e006c579dd92a34ecd34f5fc59d515243a6b

SHA512
93dd6536f501f7d24c752de5908bbcfa1506aa9cbda85d0df56d9e907284d05c2e43875e1200e9dc38a3844e5bd615d863f4725ba93aa15c3e7aa3dd1fcc515b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9554e7e15272735718fb004e21f68276

SHA1
805fe08b7bf6a873115b8324953673b39bd8dd90

SHA256
9ac83d3d99ace7542b21bf6d242e2314c1df6d566210261cc9e725cf6edd36fb

SHA512
c2764d560233b211798204a7104ea58a4bd27c7834e8eba84bfdf0a3f50d607af34a903b5363d908dc924b8e9b463d2dce8e9e71a820f77e23d248c74fdc1f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b3988b5c7c40dc407ca61685002fc14a

SHA1
fb85a4f392cb80da0127db51e8e0561a7dd07998

SHA256
01b5b71b14739434224100ff5baa71f9633f2f976e60079cee33b0d5e22f9bdf

SHA512
4f74ff1e6c8df874ba44d576b798b3e4a13e6b38a74cf70f3f342fc81b1a3bb606d34bdada63ff4105e94dcc927e4f976f863cf82a5c253be5d2dc91b1a7162f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
e705133fb1e83e782cf76ee8fd388b63

SHA1
2af23fe4b74db8da89f42136c522a385ac1ae13c

SHA256
6e18315aa37521263ff0954778cc3a8f722db0a89f4d66a59659c6e48c41b7d4

SHA512
a5b1ca1ef30c82dc739e05f64023200624f06fb8b8ded02fc90abb2be0cade601607c0de88ffd26c8764119a71acf24729490a86b740589fd8d29fd481521575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c1d302f3ca6d06142f1b7c9bce5415c

SHA1
0117c8b81959851c2f062cd64bb4df9545d65653

SHA256
ab2f88741d44da14bc9affa81d401484bb8f504d73dab835be4ebaef4370540b

SHA512
662a6c47a2c1f1c2413adaefad4a6245d670c1153c5e368fa83bec7085ad7232daaaf5d90556ad6b01c9ccbab4ca040c37a699ca48ec5b79f8272df0346e9997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8b2519b043bbe1609af7ce05a8bb0be8

SHA1
0dd9ab1d7196b0955056d238c40e2def7930c441

SHA256
bbcd02f324344a0e4361c7007dd24f0722352aa170c923687ef38d420f2bc296

SHA512
4d30ee88180f83f1da2f57d824685929b55d08122db05e6f29cd8c697bb7ea295d09527357fb1f16d6b3ebf4981535d9671a3967c8f0462741e06a8c0450135c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a04b43c337feda9b5c5f26d6ab810a3a

SHA1
0a1e6c399b6ccfe9ce038bf0fed2f860db58fff8

SHA256
10d03358d2e812a5bd2f1415983d4faf579400925d731bdbff75b3f0c98d3686

SHA512
05a93b55290e8253ef834b54aa47ee0d1c583eb0657f247ff945c571e078672829d8e2fb8e0a810e25e89a366e653e780f06a6d26d20a8c129d4ac9aa13a72d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f0efe9daad3d3ac90f4200617d837bc1

SHA1
f672b9f5fdccf93b17acbb98dd3596bc4563a4d7

SHA256
fbf8da8d699d8120fc2b382aeb05532dda11c301211ae8a0604095ae22254380

SHA512
f912c6b19d3c00b6ec3e31959c9fae14e7cbfb3a280a8cdab218bb065ec8d2c054cf6ea6efc8e1a01ece6a37cd542ae414e99daa446edb7bc87574bd077bcfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6d4ad82e383e390596b5654b57328775

SHA1
0a9cc4641f9d4b6111babaf02f1e01a6f71b376e

SHA256
51abf1d429f617fdc4117bfc6bca8ff8ca35f1ef07203189a533fd7277d6e018

SHA512
3e86070dc0a6131c54e1ef82c2e98279db92ed667b3672108a55e1248168048908c9464e53cb004b6d2fc175af7ac1033f67d6956855e1b78300dabdc1ad6e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582527.TMP

Filesize
536B

MD5
aca5ad78e9d77b4d273f9b06c6743b5c

SHA1
c9faf50f7771ff041973d2d2ae7a09eda6e0a6dd

SHA256
8988c5a5066a0ce85e99f5179f6000ac6b569d958dad665b9ad40942be2ff67b

SHA512
d7d66be2aa6fec31b84b830a8c65a37ca1e84df7c5fe1a3aa2c88baf15bb6c736a7ad66ba3b3e73b583ce44c21abbec5b186e84fffff0ff61f88c8ff9f70c2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e419c460-61ea-436d-9dbe-f079e6e1577c.tmp

Filesize
3KB

MD5
bab58f3f0c6f9ecb235a7ea5d7d6e2c6

SHA1
1ec9735f70ae29a7b8b69cd839b58266caf1cb83

SHA256
d96f11da2ad8709f9cff46120906734dbba0cb97517b2654a1804c379fcd4667

SHA512
f7b09b366b42799595a54be7549f789a50deffe8fc4acaf3f43797aa4e060bcf9dc1e21a0705209e15264b955f4ee207533f75a864adece8e5b931e79ab641d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3398eecc1da5ca41a8fb7cdc8c4abaef

SHA1
7c338be7f23300b202926f769cd4d8e4a92c8c2b

SHA256
72cf0fb2d3ad2ba4c6b1bc70e4e30773f05f2cb0ba28319785134d3cc5d3acb5

SHA512
6827e05c4e4198d6f8877adc1db6845c3c06defa8fa0da0f837b894f623a32985bb58ba9a8950683a0bdaebdb2b5b9d317cae86be89707df758b7a57e25f73ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbc0c5f9bb3a0c06b94176f8f2abbc1a

SHA1
2f941005daeead555aa64c4ecd745794827ea9db

SHA256
f9d03557649bbbe21e97306e952fcbaae92eea38cbb9dadb98f30f534d4d6279

SHA512
626599687a089c0083bbe4653dc580b3682daad06613cbf30c075965628c8c13728a00ed7354015581e386ad666c74b7864b1943178fed66dbf06386c4b840ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fb635e0e4d3469f40787c4edc3f2b36

SHA1
4191ca87b34fde10bc8f19a50272be8bfa09da93

SHA256
6e7ef68b6ae94fd93b3b7f76de72dd82fd9cc9df962db8aed913a4bdf77747aa

SHA512
6f111ccfe76d4a001c8bc2423dad5d5bd260c7573f1c64d8d689bba391df125e5c1e0f9b39f8db6716569611f8c7c265616749359c7c0262836f2b600e1f9952

Download Submit
C:\Users\Admin\AppData\Local\Temp\217b3ad8-f6fc-4119-a848-a11669a34379.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\6f79be6d-66f4-464e-881d-d7fa0b820740.tmp

Filesize
856KB

MD5
04398d23bf4733785de3a5ca05ad80c5

SHA1
72b193836a47aa3f0b7182de92a6a3f6f862131e

SHA256
a89ea036242d4e3345ad54ea9bcdb5c73ee5b78fa320996398bab4ae46cb578e

SHA512
1e7ba8e738c16af9267e7f9da427c23f2159214839d6e59bff66228375e9c7aea0f86c1ebd352cae248fd8508f762c1e81dd680e27cf7c1b5bd8084ab383148a

Download Submit
C:\Users\Admin\AppData\Local\Temp\832fae01-8d8a-4e07-9f99-52aebcdd8373.tmp

Filesize
1.2MB

MD5
7a3bc6142be9b7c9664464759974c08b

SHA1
7055fe5cf3e31a24687c3fcbc06394eaf097c6ae

SHA256
446839b455f486943d42e46c8230b6b00d59943de94449fc418ee626aba4dbef

SHA512
c881916068cfbd73425e1a6662d1049f02b8f1ed34b8546a9555d43b2b05ac3507e94f996435123a7694a2f2ddc4ef9f97d839b9a9584ae3ebca37f1b45d63cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe

Filesize
796KB

MD5
18693249f3a283e83b8179e692ffbba9

SHA1
546c0d89f8c8096d22c6f6be7e843cf5ce08e220

SHA256
3d828bcccc628e7096856337b178da5608a6c3db99383374e6c49d50a1895e64

SHA512
1ab246fea99daf75831f26930d458a05ff0efd5f9c71c9c4396681a065fcf9f5c04af774df34ad55e140b71d41e42254ee2d9dabbb18009800bdfc62170a8c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\ca4f8894-60f0-4a97-87bf-eb5df75b6af6.tmp

Filesize
187KB

MD5
3008e7672855a4e6fbbb835c2a4d3e18

SHA1
fd1cd9538985773ef4b6b1cca8f9bb99e76fc8eb

SHA256
cf40f88d5b46c423f0243bd7ce1adc39bf52f19208eb763f08c36388068760a2

SHA512
6e1752f5bd155670c8aabe0ef97631257f4f2780b080978251df7a7bb0b18d1bea25dbe27a4e2a37cd77df3842f6b314001df5077fcd168d87fb239985f4e153

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4bb73d8-9ec1-42bd-9c61-864214093e62.tmp

Filesize
344KB

MD5
9772cf99f14ea49a1696d332d5fefc66

SHA1
9f77dbf43b70767f316228be37fd1e2e0b1ec1d3

SHA256
03ddfcc1603ec9669159a6398e586d7f54bc3146fe265c16647b2f5bd8758b70

SHA512
6f5b2c0124ec7d4a6038a51e6d5d8ecdf3594aa37e9973692bce325789ec276f02f4679606176e36db84e9eab0e2524e1039fd1c970862ab9da5776ca650b310

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5176_1785560554\Sync Data\LevelDB\LOG.old

Filesize
323B

MD5
ee83d3ca45cfe083fb5b07bee7cf147c

SHA1
07f91e3f67e7594973fe3da3a5a2de8e6cecc267

SHA256
05298e8332c339ff6379206698f3cf779d4e55ce8f7350add339dda4324b48e2

SHA512
d724afc9d0b06e0b39a5560d33cab57c37c67141de4e9fe44f476123ccf6c176bbe801ea257e89483354d6bf34ce84633a802b00cb2740d1a445ac3b5d195ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_1423320623\CRX_INSTALL\_locales\en\messages.json

Filesize
162B

MD5
bf28ef9468e4e1cbc5f3e055adfa69e5

SHA1
d5cff2ec3851f3fff649d688919f9f4f8511420e

SHA256
0e86dc475bac19122a3134a18cf8af26b83831df3346bcf5093739ca2891b4b3

SHA512
7b37e27f56b8ef1aeec6f25bbe7336ad0bec837af4390e47932adc67c9ed873c6b7cb5d643b39d0b6f383d79c7ee0ab8aa39e70f894ce8f2b90a884d1325c3f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_1441515181\CRX_INSTALL\css\fb.css

Filesize
40B

MD5
c862cbbc1b82064465f98482ef73948b

SHA1
0e49a12b9d1fd903e0c44cfe9c9db0ae7a5b50fc

SHA256
988dfba4289e28ef42d0ce93bae58926ae7a9528de7bdf97898d1c2cd2f2016c

SHA512
12befd2966f25464dd21377d89b5d3c9b8fd9abaa8f257fe88bd1d80759fc5375439e6160f99dff7ec7a61135d9616992b611b63d1a6e094fe2eb29e23420559

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_1441515181\CRX_INSTALL\js\cs\fb.js

Filesize
3KB

MD5
35a10dd7924dc7a4205fb3807812896b

SHA1
53583f9a14b35a9529614f7cb8c2f26a3a2a31a4

SHA256
43cdb582f3881db7584ba1cab29ca88c74bf51819033ea88a02b0614e398ee8d

SHA512
a7220a4c8cf583c334d78c108b7da9402a79eb2c57c428c5f740f8b2c6c19ac1c761da8d57074f2b9cfb063da84410f6558a8b61f978d536d9ac48428448a681

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_1441515181\CRX_INSTALL\js\cs\lp.js

Filesize
3KB

MD5
b6ddadfa381c9d9297812d2dca3d92bc

SHA1
9f83febb785d4c87730164f7cf020d036e0e11f2

SHA256
6b2d97ac7dff812bbb826852feb506a4a300b7876fd6985e6b8a16ad710efe89

SHA512
d89a308fc1b9b6ba055e88ac91a830169547c8aea734a773762767fe4c6a76033a8d3f20b8e82c094239d25c8e2f17e4c9b1bcd083d294db368aa28f2cfe85f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_1441515181\CRX_INSTALL\js\cs\native.js

Filesize
1KB

MD5
8307716154566dd5d4b7f87f7e536824

SHA1
5b746f1c97a036b190d4cf1db76760902ae1ed87

SHA256
a7e44db42aa52a276edb6a2dea7dae1a8d1f683ae67d0179b5930271e3138d12

SHA512
8dcd2e9dea6c147a4c9578b42fd1613a55e790d3a6ddf98809f123cb06270784b0c0e3ae27bf2957e6066fd8bd831cc09777270e2bb8f6f7c144721f95e3c5fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_1441515181\CRX_INSTALL\js\cs\yt.js

Filesize
1KB

MD5
8e84151e901f61a135d941979efd8ff9

SHA1
52841c4272dc039438ce59943489367d1f2e4482

SHA256
738e199707a5027486e17e9bfbd50a1dd295d2d6d5c48ccac17fecaec91b70a1

SHA512
c2e2c027d3655bd549ec59d75cbe307c8e6b66838c72949b965ce2c7ac3c730ffb873a948cc055f6727964cf048d403262e8262c6c6559410ae682e2963c013e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_2098802903\CRX_INSTALL\bbddbf12672a339b7dc0.png

Filesize
103KB

MD5
d6506d55722e451f4d13151ee693f680

SHA1
9b2f8a60d9da27b05429a9ab30d62c1c518da669

SHA256
d496c91adef2aa2223dc421188e0af4b083e052552d3a246e62d36483ffe269c

SHA512
55cfea26435d14a1bd5486167f79f1e65bd965e3aae05be36d61e0b38f813012621b8f2d32f2f0087f41009ab579def4f777ba5268deeae1ccbaaf9665c7120f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_2098802903\CRX_INSTALL\contentScript.js

Filesize
6KB

MD5
1468a1a0ff233c86a8e2907d68340386

SHA1
b8967319c5608bd85e7f9a4dd9c0f84c4c27a1e9

SHA256
39842949b7fafd93d429c76c2866a7d6f140d3e4c5a3777304ef80b4b3167e51

SHA512
e0540178459087302fa88472f5b5d62382273b1babb26e932291cae875c9c8c0112149805992e337efa397ad24379be763cbede2d0c3a417af6b6d3adb86554e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_2098802903\CRX_INSTALL\d3897737645de49087f1.svg

Filesize
10KB

MD5
136d1b4bf4b7adf44865978068718c94

SHA1
3383fcfaf01c48b73f9ce7f2f662d0115577f9ac

SHA256
1f345b3511f67dc4216077e858defc94df174e04e0c917a72f35f7c708b855cd

SHA512
e9d16dabec6a07f7652d97b340cda70f0d7b2893f940278a9b3b621ce0062294e335614dc2f397d4726c866355a176ad0048b272614e36a55247b32c2dba2ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir696_2098802903\CRX_INSTALL\popup.html

Filesize
230B

MD5
8dbeb11860aa56321c607337cbcb86e6

SHA1
c209b2465a5821a5ec9e8d30b90fad362a500933

SHA256
d05e125f910c646a127da2be326c62a1648bc90a3ca682afdfca6a2bfc5387d1

SHA512
1f3ffe249bdf93a935ded209a27436d6645acc83efee224a1d10b934eeda87599a1ea7cf14fc333691e5c5cc8e2ca05534ff41f17f3721b085ca50766b8be449

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b2aa0a767b84f4d3a5747648bc73a72f

SHA1
1fde270dafcab941b9c986c7c697c1f3dff583f8

SHA256
b857dca82a2f5e33fd122fa20f3fbace12c5f57d8802372810f0e8bf725af7c8

SHA512
0e3ffde297a7a2197f8cf10bee342c56be9b68cb285de5ee41146699ec89cd46486ecaf585c4b17dc8b4d4d32d9b72d57a7b847eef98cd8da52aeb52be1d33b7

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\5e9c9533-a161-4102-a2a9-38a11836efed.tmp

Filesize
173KB

MD5
f3d32d9918947cd0ee98a95e6782ea0c

SHA1
7d352e9a4799b5a180e11eaae4a7ef1a6ae51d2a

SHA256
33845d8a8dfe591b8eed4b27f2c47dc856b11d86c6bfec08074662c559ed4d01

SHA512
e4818c7e56b2a7f28610f14f738fe92018528517182e5cfa2e17750796bbdecdc2bca3af71afaad2e27a19a17e487fc321e8e20c286268dfb7a126135817804d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_000009

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_000042

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DownloadMetadata

Filesize
977B

MD5
b5df6c8c34028d8a0fc8f6ba608fdcf0

SHA1
9641bc6f68d605d10ab3a5635d126f034eb76b9c

SHA256
165874c35bf22abc029469296b8986317e1d2257965d53744564e15d201aa427

SHA512
4b94a1c89abe206fbfa2a96b9c06ebd143377005bd6dfb85830d8e19d14f56cdf081a1f209968664a2e0109bc4ee7f966477a7b58c10477d25464521b5722ce0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DownloadMetadata~RFe5c20ed.TMP

Filesize
970B

MD5
624574df02d53578aa5c7e7e4496d266

SHA1
e6de270f1da223a37c37bf4886910500647efb93

SHA256
c797bb4bd9877db95094d985ee5a63adba7d71d919a95fc0e544c78feebb79f4

SHA512
e4b517cdf758736d4d22cae13f50077167b08ccb354aa7e049b0b2ec50bb23dd9a7bc909979f465a5350c40042135091bce65acc15c13b3f182d99f9395c60a8

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\background.js

Filesize
11KB

MD5
9e44b41428e8f1794bd94c1c1b80e795

SHA1
748bfde28c6f5821b1002d0aeb7ade573a69d8fd

SHA256
119bee705656331f59f3c7ace09c7e9a42496742a23f0405f6f1be01cabaea9a

SHA512
a3b48ddff3aa87d9bf35be67769f41c3048a257dae0779472692ced66e18aa8c1d7a721a5aaed67e95aed51df4e97cfac4a9d71e29add23675706d8127e12266

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_active.png

Filesize
9KB

MD5
ed1684b544f174bedbbe56fff098d55e

SHA1
57156112678c4b69ed91c940acb7a5bfb4fd88bf

SHA256
1e5e0fe10bf786171e13fcb21d64f3fd6065a146d94e28362f9a4d1b748a4c09

SHA512
f85908f7df635a960a117be42e377785b193103893bd569dc74bf5085c67ed9dd947a21648f54aabee43eeb8e08ccf8ba95d275a63801d2643fd520a2be6556e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_active_128.png

Filesize
9KB

MD5
4673bc2d427c607eeefb9d63d354ede0

SHA1
98d5204c36700b6726d24e74ef5d6c413dbcba7a

SHA256
65178d9950c22d956b00e2b4dae250baf20c3ec42bde65bfb592b262e8f1cb14

SHA512
515cd7f8d89395c34958a0494b502fb7e29965cf01320c61c13e66bbaa36c3ef8124bf99537cebe694e40c43bb3c58aac5550a4348e0e95e40098b2856def96d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_active_16.png

Filesize
573B

MD5
77d8a759c443b390bfd3002d9730e820

SHA1
302091d092ca259a9d644ad2ea247018be964709

SHA256
bffc1f1f85bd444c6e2bb1c3da3c595b379c1b52f35af673143c72a3022ff5d5

SHA512
57c122c7080028f67f02ff15e1131fd250be2fb1cdbc14478cf4b52172130cf0ca4548b7134a87d7e6a1c9e3432d9c4a7b13c76608ca5ae104923268cf76a87a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_active_32.png

Filesize
1KB

MD5
43df6293b8620911c69c8a99de75329a

SHA1
d534dde11a7d4ee4cce9c29c42616fbc274fd598

SHA256
b5e86cc3d5e48c2ab42f33a11660bc07868144a37bb9cd363b68f5f59a2c9713

SHA512
24d507260be213562ec289bc7f07ce0a1828e135b336755aca45ce24d16a47d72c9289a3e600490d8651ea0cc849bfd9ca2d37d71302f0bed6022d3f419dbd79

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_active_48.png

Filesize
1KB

MD5
342b54b4444668574ab0ef299cf94b04

SHA1
f16a82a3c376c380833b9c2f59bf784405c9b120

SHA256
17283c2e0d6479a0eb653cd6853e6dfe4b5b2222752d0e3561a9c2b3db3eaa8b

SHA512
1a322e20ffd14de6082071efec090d00b2dd7e28194c148b250a7ea52f0cda67cc5a77f71539552fc610d34891cda8d33d558dd21f0d000093328601177031fd

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_disabled.png

Filesize
7KB

MD5
9bd3c2b9ef38d034f61a2fefa8382684

SHA1
3328f6ff00107677c6ca25a87e7952c60dbf3a6d

SHA256
d1de05811ac158c96e6c59414031165e4a88eb6b48b593a1d90511a578921070

SHA512
2013c07257192d08d3cc7ed1ed22faa47472389238a445f05ba52258c8295739fa182ffdf41680575fbe6758446dc624f210b32a187e7a1861cb92b5926471d2

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_disabled_128.png

Filesize
5KB

MD5
9f13303775bab8c1da2ee041357498b8

SHA1
4cbb02f26fe05cc7d563f00124c067da8d8ff8b6

SHA256
23a9d2a492145a3f8e7d6e6af4facf63c4aa56075026f1e2f2c4969f9cb85db5

SHA512
88f753fe99604449aa8929bf23e4f177694cc17f1faaa3a3ff18a602e4f00c01ae7e2602d5a8b363ef23bd2732f63361873b845e9062e4a2dfe09c952fe541a2

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_disabled_16.png

Filesize
591B

MD5
f26a633ef6d8deb06af98c0297dd377f

SHA1
cf5bcbe22640f4e916421883fa55b7be489036b6

SHA256
a4ad504d5604ebb417640ddfdb994822fcdb7c722705b0c4dd7eb30d120ad65c

SHA512
01b5d1047400c6407605804e16a8aae6d35d45ecc8521de635eeb47a5af6b7eabc737e346f5719c8912df0a7a7942c011780ee5c533343300bcfafc72702b922

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_disabled_32.png

Filesize
1KB

MD5
e19026ff54589a33003a07f85d55b0fa

SHA1
61f80d7705209f71fe786e949cf8e2b14fe3f5f3

SHA256
3e2a29c243afbaaf66113a8984b23eba192f37cf6464b16b0509353f4290fd5d

SHA512
11b8b217d800594c97251739437867fb614b11384ddac75f5c2866958d3e0e1d47794154f8a686900de8151ac2a7fb49254a13e8e9152eb5f070fad4a5f8372c

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\icons\icon_disabled_48.png

Filesize
1KB

MD5
65786452dc69c7f21273519ab9d5cc09

SHA1
96e2b0815d8e74b304f4be725b8746712cf4c4ee

SHA256
02558efb6c057f740cab6e907f6d472be5d538c6c8ab0a2d4df3497aeacec92a

SHA512
bd3087bd0c97b843f3bd78006898e4a796e8ed185fd9e6ca2e40dbae62c0aa6120765bc8539f7bb48d3ba34bafae9a21bea83f6347b7cd57fb75cc826193cc08

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
22ed7d699466b23bb9c77b39567e5e49

SHA1
12c8b60e8756b40efeb6518784e6e57492d96d51

SHA256
f94376d79e56f588f1977ad4d574dadd4172c184662a501bbadc365dca027774

SHA512
22fc94df1794581a21076630567716ba43f7f0795b4ac293462dfe7403ea55c10584dad8977a18cf9cc1a5092ac5ae60c1951b3ca630aaf4168cc79f66e04c57

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_347427969\CRX_INSTALL\popup.js

Filesize
82KB

MD5
6b72531e17ae11282061c035f7a71b03

SHA1
b99ba4e4bf5ec5d611ab56a54f1d8493be99a643

SHA256
1de06fc52b09897637b4cdfb49421746adbddc7e81feb6f5b05513b56b93cdfb

SHA512
418f79818abd96616c7861c256113a134c564e48e0c4a0a83f24700e74634ccf6219440ad64de44b27f61cffc6f80a3e76e502b17dbc09239ddfb5c11ca64378

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\background.js

Filesize
197KB

MD5
a4bc45976df2440091fa127bd8c44c65

SHA1
1d7af45f71962ae53625b0f4c302ed97bd50157e

SHA256
bb43178ce7debf9c993a72e764a4719725d92932b05b754f9de5e0e66813a7af

SHA512
8732daa7a3b041a9e9cf3dcb43dee7006fe05a1e2d5d933c6025d78c2d9d5d760e40b4aebb1b33377cd33f2a549a46c152331f4519648c0ccf149ba50ed19557

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_active.png

Filesize
12KB

MD5
7025023ed527694b815c4b4518a6a9e8

SHA1
18943edb97bbf5e69faa3e0c92997c9c4ce624e9

SHA256
f5df828a3b73ed42fd72d7c54af685d562cb7aabf61abc7e61bffd8488f72ad8

SHA512
9f9b4af1f1500f5b0f91678215cb76e7e9afc86ff18322ac0c0bea3350d1878ee0ffe94fafb834baba2bc347aba5937cdf39b738b31da2acee1f90186fe9caf3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_active_128.png

Filesize
12KB

MD5
81346649cb8375946c672e32d3bf9b30

SHA1
0c00d3bd8092954d0530be4c7d8fd9dee2e9a927

SHA256
c3a1be99ecfafd90e4710770d50c1260c92f150215f7244d22e5518e6202fd4f

SHA512
83b2af6163679ff038c919d94c5fca20fed3deec5a182f47cc397ffeda54959cfb6846f423a4904845c0fdb035b7eccf5e369496ad1b2b14a537f1bd1d53c0bc

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_active_16.png

Filesize
785B

MD5
a17aec844c2ec3e2c6d008711dfc26f3

SHA1
4bf42eb9ae3f6596fe9c1fff6fd3c080244ce186

SHA256
1186fea81c63be4e1458228de1082a7b1c9aebee6b4859853c2d0bd3c6f305e6

SHA512
09eedf3d49291cab2ea0e73f5e7b0cf2ec7ab097d700800e72c8bf90b587f2eb766bf6c329ff4f4492a6fdf9099c8f786c03be4322d11c804d7237152e8354e8

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_active_32.png

Filesize
1KB

MD5
4ea619db394f5bdd0a6b999ea4f90a21

SHA1
6c8a2f6def5d420c3a2959c8aee20d02b6487221

SHA256
5ec7e449f1b3b289276a5eb2a3df29b05a821d1644b7a922a4da6027533e9249

SHA512
44f8e02e9d8d7c04ebc846f3c5800c4e0109ff5032f1a2e5999d6e829adc15e71323a2148ad527b86138c1168267395144dcf46d29bbb7332b42e0e6ea531e03

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_active_48.png

Filesize
2KB

MD5
c337db6be4c45b2457a8bc317b8f5faf

SHA1
c934300181a555e4b87d2c53ff773a837e4e18b3

SHA256
c56fac799b899785b5104c4b44467027d9fcda9158cbb0b9e7cd1fb1293da6f6

SHA512
1c86d736e62af07978e3645788f8f0d08f0b6914d3b774127f72e6dc02f2fcb828b4eaf2eff61b83cd224dcefdbe6a2b5b96f6c4eebf8da578829fd0b97b02a7

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_disabled.png

Filesize
8KB

MD5
74e6dab6dbbd5d5f33528d4f3aa4d035

SHA1
8c4c17f7a4391ad5663aa450ddd70d47c0cee368

SHA256
869e9c156f96d0463156e9b2f28e276a706b9e6b41eaacf41ee5b45568ef7148

SHA512
3ecfafb76bb9983fd3109dc914f66530ee53c14d1a9babd6983befb8785a94ad5707d48f3b33da4b8faf35f873cda98ddc813b0c45eb066b09e0c1765b03a44d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_disabled_128.png

Filesize
6KB

MD5
dc0ee05d8bf51d7fc83adafd09fd303c

SHA1
ae16e45464becb6a5e5caab2b085acb1349b69de

SHA256
84e9fcc162434ce32e0147543d297f785ee68c1a51d9ead1722af63e7f620512

SHA512
56c333c1ec1598600da2abe10c840334a1b82590cf083e7fe190cd4f1f53e19928a536fb00b0e66a4dd33eab712ab5f49d4abb37a2a2a02cce06f60a9657d644

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_disabled_16.png

Filesize
675B

MD5
486b9faea77d0864251ef8d4666ade5e

SHA1
de162b46c9fb7fccdcf89a4d8977d67cb5400edc

SHA256
47b21d13eb7e258e884ea3af2d61c2a3a2ec2d94f84171081d8cb9a3a12385c0

SHA512
755ef069cb929db1ef2aeb534a69e0332fa1ac290d070ad35a8045fd9e03d1228b0bd99b9ab0b3b193f6dd7cae827362e0694f21db79c1e1dc8cf8a2033ad26c

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_disabled_32.png

Filesize
1KB

MD5
99123906febbaff7bd182013b6cb4392

SHA1
b6eafdfa3bb2ce6c445709b97037c5d42f47042f

SHA256
2fd54e16073f6fcf4aa9a5966acb384706328be970541abcc524b8ba462a0884

SHA512
b23e140d01eae42f9c1a0a25062a4656a6a11ba37f882693a9c7c07539a71ee3619f7b593c93b016cd5a7d97143b75ae08c2cc49a60fd8839af0f976396f422a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_disabled_48.png

Filesize
1KB

MD5
1ab56914d18699507389967e231b0687

SHA1
e2d5b7bb61c0f3b478ba35f12a4dee5bcb0136ee

SHA256
382c9f3a1eaae396c07bfce46aa9b311b281d8f64bf40f4012d62fbe6ab3e856

SHA512
d43bad6a9b232e7445eb7670d162b9370488345566eced88238420e25d7d9cd2050c3c25c629bf3969f23681d337e8ff0008c5ce93b4b1812f25b4346a0060c7

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning.png

Filesize
12KB

MD5
9c15aebec8ee6361c1ba9a9edeb431a8

SHA1
fed944b15d59b3f69789a2a82da0f1d813709ebd

SHA256
7681cd645c126843720a72e21b3f8485d948c194320910aca06091f3cebf5285

SHA512
1939d8e34a7866d658cd21f96922f8d6d0ccbe5fbdcd93278d194fc9e7aaa3f0d58ce32407cffc3960a6fc5aaf0df5abd8c6e5d61e47faa72fb698c04a310372

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning2.png

Filesize
11KB

MD5
3bb8509b350f21f21343c2e8a4eb22e7

SHA1
a33c97cdd060f3fd1bf652f5bcbdb1571f6350a5

SHA256
2fa980c9bef20989d200998c632275ea4e5cc2dd1d1c279395ff27e56329f2a0

SHA512
7e0c55e764a53583e2103e023ab003688aa9d44a4f53cc1e586489493285c57c2fda87e83519a2adbe71a5d0d8d80622ad0a73bb27d6fb2a91f348f5872782cf

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning2_128.png

Filesize
11KB

MD5
3295521ba38f92deadf975a21e239a29

SHA1
7078ab97f03566f57b5403db3bb45047126873af

SHA256
6ba4f2be7251c9379d3ecfbb231464b8fb7b2fcbeae7c63a8d99a074fd1b7dc3

SHA512
3bbd77f8f25e6d5ecbe00acd6c75a992bb4688c835932aa2264b317496cb2257edcdcb88ccee8f46ffbb1388eeaf1f22165923088c76d87c2e1fae2d8c78b67b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning2_16.png

Filesize
1KB

MD5
c5d0c0f7f9f37bb352e5bc8c2030a1b1

SHA1
7852eab28175c5f64cf6c9a8e26edf7707133d3e

SHA256
04fe3f3d477e7f5c548871d9e3e8b3064e35996a4063a60a370dcee6a204db45

SHA512
166412cb822fabcf8480f9d5c78fbd6a1e5f83ca6aeee712ce8cfdb4671d7a0979f486bee97ff01365ef7da1ae0790c7ab1d791e9b313beaa0ab9ac6402d4063

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning2_32.png

Filesize
1KB

MD5
addd7e9683ddfe9502a4c6cb84fec358

SHA1
cd06fe06a9151d7df976822d11d23349ff779d10

SHA256
b3d2181f3652885081501b31c30e6c1d7f6e30ef4378c20a1caabee7f92d6029

SHA512
7a803bc03e36ef5f9639fc12a21da1a602380f47e822a5df879eefc45a3419d20fed4b750bfaab4ba951e132fbe72d7da79e398970f8e6351d8ef995e2bc913f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning2_48.png

Filesize
2KB

MD5
d7c76d7bd1c05c82ffe2a94f987e9566

SHA1
01b9351d8320734b8c20ee2533374d820fb814ad

SHA256
8dc1c6ae1561486b4da74a55b74b9470367d5ce040c55448af3ba17c214fcaff

SHA512
584aa9d9ab355326788ffe7f1745e8d7afda5303650d58c7fa85d0ac6a63356b3b2fcfb3163804c42bf7bce549ae4eac7660546e4b495aa4c00bfdf335b679c4

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning_128.png

Filesize
12KB

MD5
d4ad565db4d1579ee2500aacad91b9d8

SHA1
069747cf07e26049d82afc520c826ad5b3b477ce

SHA256
652a2d5d2406fb45dbdbdd03fbef0f21a3efdf41beb1d654c0989f1dbe40b026

SHA512
b7994cef1a7988aa3120b7224af657468a6eb5f2f9fe8bf329ca2e0d58b170d129ee0a46e30c1297c3186da2486576a5c54ee7d0447da5cc0d1014affd58ffd5

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning_16.png

Filesize
1KB

MD5
c3d1964e49f8c4c2bed7e6279dc88272

SHA1
9874b2e441315f1b5d372d047178e5e502a3014a

SHA256
48295d2a05fe12fca99472d29de1646628723ff7856e84dcb85ef2f3606f4fb3

SHA512
25f8a9ebebc7e1a1376755bf367b1b5b5792692dec215bf076a837b87e18f08a44c272614d16384473108bc07b1d90a9670a0d006c38557a41fe9e2c4b9c936a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning_32.png

Filesize
1KB

MD5
402a2bc59a0a246d2292abc910de85b1

SHA1
e7d2a897066d629e02e29df062063e4b0d8bb793

SHA256
e1dedf486f3073698c8895ea9a4b88e4c2d241fe66be75167f6ce989ea8475a3

SHA512
114042b9e88008f379d44ccec186a7c5ee4a9f4899736bc286841b1d3112b6b7840b651c4a1810540c02d01471799ebb7e2a8cb055109dce7257e0e2ff8e67ae

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\icon_warning_48.png

Filesize
3KB

MD5
be6f1c1dc7f6bb33016092b100281180

SHA1
868b191c047e5518789a7cee51ae41a4bf5153aa

SHA256
200d816fdf0e8649c7dbbd63c7088aadb4dea5708afa39b0bfaabf3721bb8667

SHA512
744a443b2c1b246961763b15bea84fe88e82ba93e69fd6f85b3501dd55a32e6f4c24209e8abf067f8b4bb3036f05715a330951a052668d8993b8a5898e7cbddf

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\icons\warning.svg

Filesize
2KB

MD5
408375716fb2a77720319b68a8004099

SHA1
4cb7f9007ba4c268df39d5859580ec22c4676c53

SHA256
57590da87b240ea2425384bc4b06c2de9a97d25cd3700aff91827f62607c88fc

SHA512
7f300dbc7a9835dc2f2b694305225403ddac0204dadb9cbfbb5cfdf734aba4f140525260a07b2cdc2caaa3e833ea4d469268641c1ef64bd40180b75bcbefc643

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
c1fc1094d80a1dd0310285a724d8ffdf

SHA1
eec342f83ed6fce6e53b51a7e2f779c0e1ca6e2c

SHA256
45bc49661f5776c00adf7d15a6d5320a61b40dd01084c997b4f3171965f6069a

SHA512
05b31904407be1abc47acb84722f2b1b56d2428a6fb926b264bd7bd4576dc13b31baf0008f192013bf22d9f263f2f6c254b10d6f139a06bd36dbebfbeaf77450

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\popup.js

Filesize
265KB

MD5
669f0c4e8887610b9c9aaee834beef8b

SHA1
4e51dacca348d1a898bd697373eb0f829f076858

SHA256
de98670bc1b6d73a979a75789ff1fbae52f307967b899742b2881a9471cdf63a

SHA512
037b4b20219f6f0c82bfb2c18a351af30641c10d320e3eda7cdd4dc258676c8cac40a908c119ed8ca34f4c2b76394bdae3ccb753781fe3034edeaf202042b25f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\warning.html

Filesize
635B

MD5
6f6b09cef174e705e742183653fe758e

SHA1
665574533f57864d79be4de7c99fa7722245d50f

SHA256
c0b2fc1e63b6f7ef9ccdb9d43e4bcbe9865d8acda57839a4016087553f265faf

SHA512
006f99a860a6ac6e23a07e6fa3dbba060096a1f50ff839a8a21a0d6cd114fd91c432b9425dc96b78adb5571945a1d03b5d94af02bbd6127f042fdca45cd3f541

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir696_379852821\CRX_INSTALL\warning.js

Filesize
64KB

MD5
2520c3027fb7fbedeac649d66a93b4ab

SHA1
22f3341f06a6afbdbfcf1ae70773fe74ddef694c

SHA256
b2e000980ddbf4e1f2fd6f7cd5b71143663503173e59a6affb4879d5fbe82aa1

SHA512
865af2d54af5768eb5bb71694c9604afb6622d6dab6534bc840af4827350f1d3780e4def31206ca5a9cedd1c53225b8a4302dfadedf390c47112fa49bcc7bd72

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\dkfaejedefgggmibkkddljhbafdcdgjn\1.0.6_0\dist\contentScripts\style.css

Filesize
38KB

MD5
a2de90a2190cef036f2c6df8ab8f00e4

SHA1
d2c76852071c134e386b54d0163640233e8b854a

SHA256
8bb83055b42d5b706abb9b10afa55c189f2e451acc976c78430c3d91f555c817

SHA512
761d49c55530694df775138dd078c5b7ac91ad2ff561d00df824bb70ec7d63b6e886ff75e195eac6277c535511618bc2c034e2db7693329886b4b87696f7dce3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json

Filesize
7KB

MD5
a192304f63ef26c80086f835cc4b7ada

SHA1
6963e90e752209132b728a938844c4c64dc94d43

SHA256
4f72309f9378f04b3f1cb8f46b031ff513ac63e5056d96272f2bdc6d39dcddf9

SHA512
be619909cd0c3465966a4018847310c1493bfdecad6f07bb28293f3dcea73dc377f5d52cca040d626368e17828eae28384fe51d20c4a71925c5f31eea8e18561

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon.png

Filesize
2KB

MD5
fd727c2aaa8b364faab1828aae2250fc

SHA1
bca5b2548b009ccd0b2f79c09fd628fb3119231e

SHA256
1a32dcbadab7c91a690879b5425f6815c07dda1aadb6f6a7942b9e895cdecd0f

SHA512
7d21b3133beea16a8713ab8a87ac7b84d8b2a312e4f017a9988e970f7281b9c41dec3f909d5483bba387e5ede366e80c210da93a78ed72b108f65934eef07c15

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon_a.png

Filesize
2KB

MD5
c05285aad074c0872dd78908176b1052

SHA1
b8a5926d153dfbc503a38a749baf9099903c289f

SHA256
9a4a7e0c2969562d5d1299f80317d4560265b4a843cf17491c7d36fa74a91cc1

SHA512
6006b22ff83d0afdc346179a4c2dbbf927efcc62fcf9105fb45efd768bdba62af5839c3efb21e2555e0090639ab2dca76397d294b51db0dca768def53ce00a1a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
852311fda266e01f0df962bad6ce6e02

SHA1
513772f9d9a100530f04917a8362f4099e4e84e9

SHA256
6b15394694149f271ef5be2a4629b5a6fad51d0376800c6ff66edf3ef943d9ab

SHA512
d291a6aa3d48eb7872c1de11e8cf58038a79b9f57e5c11f7213fe9a18b82e4e17d60935da674361e7ac4681133b364dc057637791cd04bb02b575085f4f2d7b3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3a9804821257f1159112a9e133c484a5

SHA1
c368d58880b89112efcd274ff048c8dfb4bbdd1d

SHA256
f708d70d38578b1961196efe832fc348e201d0e02c9a7efaa96e6c9943c9a8ed

SHA512
09cf0411ce5f9063b84b134b6730263eed0acf1b6ca0f823786a64ce00c00cd69bd6f0107136c573a00f4c4e32227e892a2f7a80e8939301906a82a5c4c687f7

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity~RFe5bec31.TMP

Filesize
2KB

MD5
6e3859b2bbd267ec7053f8570e2ac4ac

SHA1
cd3b8af66fb3b7d14b955067c015b0f5161a30be

SHA256
f3a88e6fcc213e1c5525302c6624c8d848f250aeeb917ceae34c76759e7090db

SHA512
0aa5b69f5fc40c6e335924e8d18c34066f80e43ce02feaaaa42a0df9844014320e0936cc36b3c5dd704753b882273ae394ff82f18746463dffb5b1b02a5a1d43

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
f06e74f48ad702998432d193e1c07f4c

SHA1
35b256d1e4351909251b932750634d26eb9aeff7

SHA256
0b36cbf6d707e315d23b4d7fde1d341d6a86a552a9d6259b784f3a871a981757

SHA512
fac30c74f11633a9e52ac95f94bc682e78e616eb5b966274936fa8689271a76e5a04e23aebd213e9985b599c70813d1ac7a958fc359ef8e3b95867fe053dd81c

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
97c9bea124725e834ff944c1ea3cc724

SHA1
4cac6f63127a1e684d47bca37c1e47d525fcccc5

SHA256
69ec8b8c02629aa51c382e1c27bc05ae5d0e2d4e4f25b165e19dd58aa124bbcd

SHA512
eef8219b57adaff7b95fa535233b352dc4321349a1d0675db40b2142221b44fce4c9fd3f6f06eed71b00b33e0e6d8566f1610f7fb14494e674e8795ca5d38878

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences~RFe5bc2c0.TMP

Filesize
5KB

MD5
354e9d7a51530099c837eca15082a9ad

SHA1
076871ec4e2194e2d283cc4de9b0b32e611b5517

SHA256
5ab60ac26d44487c9a4ecda486c8aa46f8d0f180deb187b13737ee030bebbbd5

SHA512
16957cb22d3c8105f0cc9b2a3929c294ebfaa1734a24f7ae17eee71e6d96b631ca2c97ad5effb255a39aa53784c3b445bb0d2d1daa26497a1de8e8988ec6ca32

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Secure Preferences

Filesize
48KB

MD5
91e066fb96b3f60f42775a7ec16c4605

SHA1
8fe143d08298513de4fba1e47ce5efc2b876cee0

SHA256
4a542df1a272460ae310d6945e9ae6fced7ea28ac88a325ed21a98ce663b4f6d

SHA512
59a202726fc8b1f90eb41f0064338fba09fb97ca1cba9af8ff9b74a6df3cf27971e7004959a9ea2e6b4b236c7149831074e376552d8372ec2f4c2f418eea13a7

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Secure Preferences~RFe5beaab.TMP

Filesize
47KB

MD5
82f6bc47c96a0d5ee9ace4387b44bfbc

SHA1
0d913ebaa600085deacc14376d3a34bd27a79ce6

SHA256
fa250eaa40884a538bcbb82148b31f2bc7706685f393a1b865745f5f832a8ebc

SHA512
f3a46b89b5ad102ac708189ccfcd07296e7555c1a2d18d290f254be94c724ddb6d7588599f975afa8b089d8f4395e583106d98cd0ea9076e72fbf72522846f1f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\CacheStorage\a0a7cc36363e94a9a33c3081b87e8c7f6d06df3e\4c7944e3-8b8a-4b01-98a5-ca288426a093\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\CacheStorage\a0a7cc36363e94a9a33c3081b87e8c7f6d06df3e\4c7944e3-8b8a-4b01-98a5-ca288426a093\index-dir\the-real-index

Filesize
96B

MD5
55e5920a048f0d3bf09e7cb9c321fd8c

SHA1
b9a9468ede2e282a82c19bfb7edcd980f82b1d36

SHA256
6eadcd61562381d49f37dedf3f5728570a4f9521f20791725f089e211e339e23

SHA512
fc76856c54f673fb32a6df57b5018ff06c92a21465774e4f2767ac40ce942f4fba78513f25362d7218a643df10967be0ce1532b73c2d8005cb4d2eabe087e58e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\CacheStorage\a0a7cc36363e94a9a33c3081b87e8c7f6d06df3e\4c7944e3-8b8a-4b01-98a5-ca288426a093\index-dir\the-real-index~RFe5c07f7.TMP

Filesize
48B

MD5
4b29af30b121fd0f5679a0c8ab446166

SHA1
7d6473d333b06c7a5ca54bf7e0ecd078b87ce820

SHA256
05be703a275943e5c4bc1f9b8ffc85a12229728f650087e0a8703e909f0b8333

SHA512
fe47677a5934e067417db263b1fc744465a61d974849509c4a9022812e614ee43c9d46cee275c47599c2e0743b5b28f103aff623ad2f3250159e5514d6704493

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
96083f84db4d207e58f1d6e1c7bda104

SHA1
e3810ee014698a03b9e75a4e16556b51101bde6e

SHA256
42de7d46236ece0c0294f9ae3a24f5411865349d75179b67edd4a214369c8107

SHA512
ef9ee9d22d485869af8f8b3d415f05909f179a28f8f6623f5cad758a4b6a273b99986c996e6ba34c08469b2fc726347f9b6cbe3ae649d287401da493874835fc

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c1787.TMP

Filesize
48B

MD5
f9b095d37a979c29a22ecbc82875f0f3

SHA1
180a1f1bda00b7520df65f6df3cbaaf882a66465

SHA256
a7ae73847e6b7685262b7ba33a917169e176561777ac8b0e1c6e4c82948bc100

SHA512
9dbac7177825873f01a703a8d1c8b7ea19f2962ae0ef37e32eaf84957a654eced57ac4a3503b733da37be9b463600c27027cd68695947c33409fbb7ff17db095

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

Filesize
7KB

MD5
51b0f27ade582c060053573d3fb85b91

SHA1
529bc78e5f9a426242491dd8a21baf745917390b

SHA256
293ea9440a190a41b9097da4d524aabea3c83fe8bd32a949a517af0279a83a62

SHA512
6312d857ad49a6af65465e1550133af6360c7ca08c36647d31e7f6a8ac935db3ff24944f9eedac53f718b13ec771f0d19a2f08a06592e65950b20cc655e4f59e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State~RFe5bc272.TMP

Filesize
4KB

MD5
2672db9b38dc1dd639b16a21ef446b0f

SHA1
b34da0d02ce6920f8989b1bf198e5072c86ae609

SHA256
94e6c960ba7edfb37f13566aaeafd665fac1b0b09d7cd237d48032440c7d53a4

SHA512
11906ee30bc2ea88f207cb078bf359e4434c7824089b3b56fa9ccbe9f7309c0be961207e28d8a7ff20677e38760e2baa8d37eb771f1c3f7f1e60e45233d5eb4d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk

Filesize
2KB

MD5
0355824a8b5a622fc13f8a6625656333

SHA1
26a9ddea8f7d5e558570d1d88b77e5b358b303b3

SHA256
fa94d0de17746b6736fef00c1b82010fe3fd776f659f51eee21d09f43878f44e

SHA512
57bcca2da6da7b80561c0f0cdf1ac6057baa64e17b38d58416092d423c1cd5471a66443a7a66b67d2a4f357f1b694f70416978d890593120a97291e550367f34

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 246248.crdownload

Filesize
1.2MB

MD5
1684aab6fae1ed888cf6d3c45e3f5fa7

SHA1
6acc87b81836575bf7b497f0e8a9a23a221f06b7

SHA256
4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab

SHA512
6d4bafe21686ce62cc129082e8dcd4da87fa7dcaea5eee9862a99adbb0142e89fe0e9d097ee2b9a9a6b6eab3ee23b6a26c4fa587d7ce1782a1d2e2c1454c2e71

Download Submit
C:\Users\Admin\Downloads\Wave Browser.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1596-1507-0x000000001E680000-0x000000001E6B8000-memory.dmp

Filesize
224KB

Download
memory/1596-1506-0x000000001E1E0000-0x000000001E1E8000-memory.dmp

Filesize
32KB

Download
memory/1596-1496-0x0000000000150000-0x000000000028A000-memory.dmp

Filesize
1.2MB

Download
memory/1596-1508-0x000000001E640000-0x000000001E64E000-memory.dmp

Filesize
56KB

Download
memory/5940-1864-0x00007FFF24E40000-0x00007FFF24E41000-memory.dmp

Filesize
4KB

Download
memory/5940-1865-0x00007FFF22D50000-0x00007FFF22D51000-memory.dmp

Filesize
4KB

Download