43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

Resubmissions

10/08/2024, 09:25

240810-ldyb3atfjp 3

10/08/2024, 09:22

10/08/2024, 09:18

10/08/2024, 09:01

10/08/2024, 08:57

10/08/2024, 08:42

Analysis

max time kernel
666s
max time network
659s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

2.3MB
MD5

8ad8b6593c91d7960dad476d6d4af34f
SHA1

0a95f110c8264cde7768a3fd76db5687fda830ea
SHA256

43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab
SHA512

09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686
SSDEEP

49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
3016	WaveBootstrapper.exe
3100	WaveWindows.exe
4292	node.exe
1556	Bloxstrap.exe
2696	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
5196	wave-luau.exe
3580	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 64 IoCs

pid	Process
3016	WaveBootstrapper.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
1568	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe

Checks for any installed AV software in registry 1 TTPs 29 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\LastUsername = "[email protected]"	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\Session = "Bearer cbd92d91-6844-4069-99d4-f4df82ba0e73"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\FirstHash	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\ContinueOnStartUp = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\FontSize	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\FirstHash = "\"30af26a250a07aad89066b8b835ab575-2\""	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\SecondHash	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\LastUsername	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\ContinueOnStartUp	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\TopMost = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\UsePerformanceMode = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\RefreshRate = "60"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\Minimap	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\SecondHash = "\"d904671e8595ebfe64a0add550fc0522-2\""	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\RefreshRate	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\InlayHints	WaveWindows.exe
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\Session	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\RedirectCompilerError = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\RedirectCompilerError	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\Minimap = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\FontSize = "14"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\InlayHints = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\SendCurrentDocument	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\SendCurrentDocument = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\TopMost	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\UsePerformanceMode	WaveWindows.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	WaveWindows.exe
File opened (read-only)	\??\H:	WaveWindows.exe
File opened (read-only)	\??\L:	WaveWindows.exe
File opened (read-only)	\??\N:	WaveWindows.exe
File opened (read-only)	\??\P:	WaveWindows.exe
File opened (read-only)	\??\R:	WaveWindows.exe
File opened (read-only)	\??\X:	WaveWindows.exe
File opened (read-only)	\??\A:	WaveWindows.exe
File opened (read-only)	\??\B:	WaveWindows.exe
File opened (read-only)	\??\E:	WaveWindows.exe
File opened (read-only)	\??\M:	WaveWindows.exe
File opened (read-only)	\??\U:	WaveWindows.exe
File opened (read-only)	\??\V:	WaveWindows.exe
File opened (read-only)	\??\G:	WaveWindows.exe
File opened (read-only)	\??\J:	WaveWindows.exe
File opened (read-only)	\??\O:	WaveWindows.exe
File opened (read-only)	\??\T:	WaveWindows.exe
File opened (read-only)	\??\Y:	WaveWindows.exe
File opened (read-only)	\??\Z:	WaveWindows.exe
File opened (read-only)	\??\I:	WaveWindows.exe
File opened (read-only)	\??\K:	WaveWindows.exe
File opened (read-only)	\??\Q:	WaveWindows.exe
File opened (read-only)	\??\S:	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
60	raw.githubusercontent.com
61	raw.githubusercontent.com
4	raw.githubusercontent.com
48	raw.githubusercontent.com
58	raw.githubusercontent.com
59	raw.githubusercontent.com

Network Service Discovery 1 TTPs 7 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
2696	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3100_1112527996\_platform_specific\win_x86\widevinecdm.dll.sig	WaveWindows.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_nvmedisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3100_1112527996\_platform_specific\win_x86\widevinecdm.dll	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3100_1112527996\_metadata\verified_contents.json	WaveWindows.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3100_1112527996\manifest.json	WaveWindows.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File opened for modification	C:\Windows\SystemTemp	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3100_1112527996\manifest.fingerprint	WaveWindows.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_primitive.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe

Checks SCSI registry key(s) 3 TTPs 35 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677530866500581"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{B45BD276-7E80-4D32-A3B0-F9386739E331}	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\freemium-tasks.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\freemium-tasks (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\freemium-tasks (2).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download (1).htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
1068	chrome.exe
1068	chrome.exe
4328	taskmgr.exe
4328	taskmgr.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
668	CefSharp.BrowserSubprocess.exe
668	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
1568	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
3620	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
2696	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
4740	CefSharp.BrowserSubprocess.exe
3100	WaveWindows.exe
3100	WaveWindows.exe
5608	msedge.exe
5608	msedge.exe
6100	msedge.exe
6100	msedge.exe
5172	msedge.exe
5172	msedge.exe
6296	msedge.exe
6296	msedge.exe
6572	msedge.exe
6572	msedge.exe
6648	identity_helper.exe
6648	identity_helper.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe
6292	CefSharp.BrowserSubprocess.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
6036	msedge.exe
6036	msedge.exe
6496	msedge.exe
6496	msedge.exe
2284	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3696	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5116	WaveInstaller.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	3024	control.exe
Token: SeCreatePagefilePrivilege	3024	control.exe
Token: 33	3696	mmc.exe
Token: SeIncBasePriorityPrivilege	3696	mmc.exe
Token: 33	3696	mmc.exe
Token: SeIncBasePriorityPrivilege	3696	mmc.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
4328	taskmgr.exe
6100	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3696	mmc.exe
3696	mmc.exe
6624	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 3152	1068	chrome.exe	83
PID 1068 wrote to memory of 3152	1068	chrome.exe	83
PID 2120 wrote to memory of 4288	2120	chrome.exe	85
PID 2120 wrote to memory of 4288	2120	chrome.exe	85
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 568	1068	chrome.exe	86
PID 1068 wrote to memory of 5008	1068	chrome.exe	87
PID 1068 wrote to memory of 5008	1068	chrome.exe	87
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88
PID 1068 wrote to memory of 2760	1068	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5116
- C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3016
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Enumerates connected drives
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3100
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=3100
      4⤵
      Executes dropped EXE
      PID:4292
    - - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
        5⤵
        Executes dropped EXE
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Executes dropped EXE
      PID:1556
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6828,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6832 --mojo-platform-channel-handle=6820 /prefetch:2 --host-process-id=3100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2696
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7148,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7152 --mojo-platform-channel-handle=7144 /prefetch:8 --host-process-id=3100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1568
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7196,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7200 --mojo-platform-channel-handle=7192 /prefetch:3 --host-process-id=3100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:668
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=7544,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7548 --mojo-platform-channel-handle=7540 --host-process-id=3100 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4740
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=7560,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7568 --mojo-platform-channel-handle=7552 --host-process-id=3100 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://key.getwave.gg/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:6100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed9c83cb8,0x7ffed9c83cc8,0x7ffed9c83cd8
        5⤵
        
        PID:6112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        5⤵
        
        PID:5532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2456 /prefetch:8
        5⤵
        
        PID:5612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
        5⤵
        
        PID:6284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
        5⤵
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:6296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
        5⤵
        
        PID:6560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
        5⤵
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:6572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:6772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        5⤵
        
        PID:6780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
        5⤵
        
        PID:6820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
        5⤵
        
        PID:6828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:7068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
        5⤵
        
        PID:6244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
        5⤵
        
        PID:6312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5952 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
        5⤵
        
        PID:5152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
        5⤵
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:6036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
        5⤵
        
        PID:6452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
        5⤵
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:6496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        5⤵
        
        PID:5284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
        5⤵
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:2284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13170284535901523025,13352910833427711478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
        5⤵
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5692,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=3500 --mojo-platform-channel-handle=2972 /prefetch:8 --host-process-id=3100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3580
  - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=5476,i,8293564016244602319,16900751995219354146,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=5460 --mojo-platform-channel-handle=5424 /prefetch:8 --host-process-id=3100
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Network Service Discovery
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:6292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffef3c5cc40,0x7ffef3c5cc4c,0x7ffef3c5cc58
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1508 /prefetch:2
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5232,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4348 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4992,i,713686678665044935,10960413575092348652,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef3c5cc40,0x7ffef3c5cc4c,0x7ffef3c5cc58
  2⤵
  PID:4288

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2132

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3644

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1868

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3024
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3696

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4876

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E0
1⤵
PID:4712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\freemium-tasks.htm
1⤵
PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed9c83cb8,0x7ffed9c83cc8,0x7ffed9c83cd8
  2⤵
  PID:6556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
3b3dbfe9caace4142e7c216762068fa7

SHA1
f335b5d59e2608bd76c9444737fe4ed731d925a4

SHA256
8f38a060acd51c952ed042639fae852d7b37e4703446785b4eab9e34a3241d2a

SHA512
6d834dccdca361ea335959b6c5a213baa9c48f7900553339c8154b4333dcced4bca261374457136fb2aa4b13ed852bebe1c1e3860716b32482ff0ab43c8f33f3

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
850B

MD5
dbe7fd8ef222acd24368cd9262beb50c

SHA1
63a6910c2b6b29563a220cf680f5f9dc97d3993e

SHA256
9cb2f93e307b1422cdb362654810582ed079b02c3fa7788f9985ed9e209d9f89

SHA512
f03671998eccbddd76ca88b2d789d154be7775c5588fffe6bc99e1cee2d661e0c7fc4675ba836bf49b304e18492fd2b558b9ed1ee0100fff2ba70bdd20883e4e

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe5bf1af.TMP

Filesize
529B

MD5
2697a4b948716bddcf965137ad220bc9

SHA1
7d1f75f919e9629b42cd4f99b1a8fe8b0d42118e

SHA256
30e51f3c4513dfe94372766cd8e43b80788d35772a599828e05fd01e0c4f0772

SHA512
ba5628d5d4bbc1e4cece30b4243e7ec5c0c0f78a228cd203442e8e05cade9f863602228e1a879d09e2a0abe9f7fcc4201ddacbbdcf8d347f595d3127d9d5574e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
75bbfba3c4597dc9b140d9908f9bcb04

SHA1
58aecb6e58ad985e77927c0174aa5543eb0184a2

SHA256
5221e57ee588510b40948ee4ced949d7775caf8ff19db1e5492567cb6ccfce19

SHA512
48f17a2268c02f25540a0038baa1d73733df018e1f5cf709227c9ca80be16dad24563ad7cd8b02b87189fb3df1d0b15d6f7ca8aa66d39a4643bfd91cfc2fe5a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
36ae424b2d2526360317d5957a12e8f7

SHA1
a8aab4cd0b28eee3548dd93434d80f5dcae41031

SHA256
437e484f4977dd4e7d8978002ee2c0a63b17db44c6995fb086b77f4de7751ba6

SHA512
317b4272d56351f6657db0d3472fb6147e25f49fe0bd80b19514ad9103745840b7e17e9ec65713d3de68e7ce95c0f3a944725b78db0525694798831f33ab54f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9f006089ba8a2bd377794215fd04d659

SHA1
765a928e17261526100e8232180cf4ac4c91f1d1

SHA256
14b591617453b8e502019d467a911671659479426032b0f237d6040ab1a1d6a9

SHA512
f4573d3c9a2b4c98ba4d14cdcfebbfbb436df2f9d40a27e8c71abcd218669af2c816e2865ebdf1026d3050cf7850494de73c6120d075fa0101066f4c564d968d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e28e21bde50a902acbf9e54f218a954a

SHA1
ebe8527835e625745fc3abcf2cf6125ee13b7dcb

SHA256
93cd2e900ae31f202abc373001de652d909efda04922616e8a6b3c8e74ce2aa7

SHA512
90941f990beab60f7a9d27a8db81185c55bc7bf06d82a11d5e4e7bcdc861e8e590016c5215017fa800e498304305b5d45da56c59487e8390db0076f0138436be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
78530ec46a6c809f32e89aac9ff87723

SHA1
c67aee4761c4ad0f405d7f9ab5922f1857b930cb

SHA256
22759a7c7e05371e44bdce9505e8e89faf015b7d95e920cbae1f46405cc5b312

SHA512
98c92f25f398a3ca8378a75dee8917a398d1631e7e9bd0117a0a630a25497bfdf7f6ce51cd8990d05444107d8eb9609c3990649a1fbf6da8b75f9a10743657b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d611ff7c8d83b6a8abd46d45e60c9df7

SHA1
897d579a59c60b47c2508536b94893a5dcf341fb

SHA256
06dadfc5bb1914085ae2eb9cc83c066e91f0ceba777fa71d7f7506912bb86bad

SHA512
b803a44b7e8ebbbaeed32deb33af60c1420a9128800f5efe1f47e9f85a737f19198b55013a289d620dc1bd95a2c257c8867101ca94f3adc68b5678ea7ed3fea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cc15d09b-fea5-4ae2-898f-b07c4db9ac4b.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e31fe9fecf005d4d11c2854085bf8d7

SHA1
3df32cab78eac013fb5c34b45e0f77312268252f

SHA256
de7b1f4d04286276793b2db11b037b417c48e8a63de93660d432fa9dd7506fcc

SHA512
3ed661c5a545a2c59122ef0c996662548fbb0a9f7be146e0702749c4a40350379cdfec69d6ee9d73fc1b073166d742c4c6d62dc450ec3740936cb2a12625ba98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99ff4d1d687aa174267478eacfa91799

SHA1
3d2e85363d274451ef23210ecb7c8d106743d548

SHA256
19d999c38f6e93ed8c35a343cf4657b35c600d3e8f7ebb17424786bdbc51090b

SHA512
348cf26f1bc9b9fa095059934139e58111f58e277cbc0529664a1a7221b52687181b835387df61b9f62b5e9226caf7b9dd6b33de1170ffa27f80b15db85ed7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bafebe09821ba9c10e87a391ef6da28c

SHA1
73ab43a4b49411c1e8607a635d830ad4ca67ced3

SHA256
51526cba414eb76445741ea72610fe69efecbf2a467d082de5d2530edb0e400f

SHA512
d5bf8105eb74dc1d9b15429e729dbc363bd45e8b7323c702001052b0cc52827aeecf025863a54b452bdf472d1cf4a5d16ed53473db72fead8351d433a2868496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7037c7999e2f2a4562a94fcfbf4c5ce

SHA1
a47ea2fd18cfa6a1cc0a1dbea646cecde79d4405

SHA256
caaf611c312341df76ecf90e6b903ea7500d86736780e3bda62e19606b2b003a

SHA512
b2277d014be037fbbb55afe8bfc5620b8a925d4ad6441c6cdbef379e2c5d54889ba8499c4d73cc77c10e67f888383e13ce86a61b5fe9247ebed15f22aed1476f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c07720e1181eb8e9d06837db36b821fd

SHA1
27ae32e2c1b0d2876a00de7d9f3439a02ca164fa

SHA256
0178e74920b06e0921b412b56e08970ae2ff5d27e8109da018658e59c7d56f77

SHA512
127df96814a4d0b551bfc40b90e58b75ed99c27e525f4299b53d671259331c04eeea88079c186454c0de152c30f18269b42c12c5bd3c5b42fe22aec0c8d5bece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f524ab8497ed11ade85ab91b5c7f859e

SHA1
3bda8e6c827b7284be4fa68c60d84dfbda0ef09e

SHA256
083f1d2c45aebbacbe0ad68578ce0dc8adf929200b89e998c29f529d1c53e4dc

SHA512
0ef9acab3ee66ab571f89ff55c5f12c7fd80342d5339b7a4615dae008dad066e54d1d92bf9aabac696a4ddbdfc097e7d5f2acd621584e2f9fa9e71ca23573b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf508634e2e43d9fb3f9def2baefa586

SHA1
80ba00750afa441581eca6d4bf1a3d086ad0e8ba

SHA256
54f642ee391c189cfd28990a4048c2f6d1dbf50b60dba2c128bc2afa9d8561e4

SHA512
6d5eac46e1fa078f4a27166aa77ea1a528ef2df4d98692c15c12cae490129ff77a40d9f4cc25372b51fa09be70ef86391e5a0160b9f18752c38a7a056cd2502d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
867020738bfac4ce85ce5e52a44073c0

SHA1
ac5e8b84e49460a400ebaaf21c654e93597015fc

SHA256
6291d6ebe1ba8c1a1378eae3083fe2d11c7c8d68c1e9ef9150c4bd531a63f0a5

SHA512
bc2eeecba49f67951021e0271c4714dddc46f91c18248499f3cfa576334154abdf18e1b162d722df21ab91bc05ca289dd4dca22e8e06010d328d71aef0aadfae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7e4215d746afd462cb7bc742c656db7

SHA1
c836acdbc58104e42b136962797b3f5240977b79

SHA256
f370ef1c8097ee8a36ee19c68f541f70bcb48f7f116d83b74b9e2d19ed33bde1

SHA512
7f22008b6fc635dddbdcc6846748ae6ac5d29f14b8fe89d6146ad7dced4c85213cba7ca6f27c9453ff795ee9264bb6ce7bc7d99472ad30affc750948c4de2fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21d782a9f247d4751b0abf67d8391839

SHA1
59322568809c3d371766c11aa849d96d8168f1a3

SHA256
6a264bf11572784764b8c88e744242c1300de9f06651bb07b58d8c6bc271ec20

SHA512
43bc4942d56ae561a5d90b693a84ad86125bca99b3b45c1bc78f343dcdef6c774bd1688568c1af98dcd963392f7e3d48c92dc44e77aabd93fdc45c1e2495f087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc81a62b06534d75d6cdee68a02339a1

SHA1
1027ca0c607e00b41481c89065915659a05a9f0f

SHA256
e70cbccd3d5dcea848318a108dcfe49c884cdf50772463fa635d221e5c5f73d2

SHA512
64f9b3819877a9cfd424b7177a6c7ce6b51010d9af09b7aebfba340147ba284e0c4ed32101c2af2e5c3e5e79929c26431112514bfca167d7e196a3a154b25fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05461e95b95156358bb9da18f56866ab

SHA1
f2b9fc003f61fec23204ae55533ff81ee29c50c0

SHA256
2a2efc0a5121c4dc489d669daaa83ed5d6936de6e4a4c1f4cb22289f793ea5e5

SHA512
aae8a3be292ee4709cfae1e33994514572f339ad4fa480577bd0dceba6c887c10ec6447caa3f685d80104c5c02d98c417cd579d2e979768b9ec5a29b407e2329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fee9a4aa0224e4cf57a5faf93775a2e

SHA1
635945f1508ca91a23781496af7c8fd289ed0e27

SHA256
fc260d55fc08df1c1ee3615c29fc00570eab17eae4956fb81e31530e99903171

SHA512
44fbd1bee3785f22223592b072cb88baa3ae1435ceaf7ae67a91c3ccaac674c185fbdac44047ab053e696657717bef70d5f3e2ea51b2dccf5c2dce812e22df17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f71546525568afbf50f83471af19580f

SHA1
4e02bafe28534f8ced2923d9e759c92de1f29724

SHA256
44faa992a5f881295b474cf008307f4679173991b69b1db1b0e2af9e6977c4f3

SHA512
59ac6f48da9ce227bb01d4494736911fdd33a5aa8d81dc4d94709e96f1dd04c6f4c55a617994f336cc46a22bc5b7ebf43474cfc590594fd2a972110055aa48b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
be10a44453c468662950f0d177a53b16

SHA1
4cfe05933d9888809cb735e8082cdafd2da618cc

SHA256
f3760b87a92067625d403e866a3cd958fbf5b5e5db833056c0fc4a58ed3b807d

SHA512
e3e915783a40677bfcb03ccbb60a32610bbee575aab564239c2089371a06c3d9380b1577ecc6a12c9c4608bdc77552b66bdf5ebb5dc479d6b41ca7d5dd8e8b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4d133f08bbd80a26a87a60be25bfdef

SHA1
6687b05037a72280e98911b1e08a0a069072b3bf

SHA256
e074c9446eee571560c9ed9701135f483ecfecf5db6096be460c54828059688e

SHA512
582b953143db05fd457c89c556898b69059e89d7c6ff833f279a38a085d2d4511c6d0573e09d1710bb63d2b26cd9035d227ca58a230bf1f1b38474b9d8d2d4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06dc6d0fd519f00d73e899c5ba50e424

SHA1
f4d5f421dd76bbacd855f3bd634b27b0d8650576

SHA256
4bff86fdfd605d70f2a342d0e610cda5e9e65b1baf11dcf43242b3ffe5ee82ef

SHA512
9164c7509fc7b43585fdfed2f558253f9296c0b7ebaf7dd56bf7114875bca98940291ad3a42eac5a0cc8c81b3ed43806149555862e023d716740aece16dbde16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
375780b3b480d97be6924363db7f2a96

SHA1
f81c70f7fd2d649a079152a5fea4be46c88e9b69

SHA256
6f675622421027ba43fabb147db6459214a246810d63f05fe2be618a973203a8

SHA512
b6c8931b42a6ddd26a2d11351d24f6d671c5aa321fb317cf1ecd363195fc8dc3d506423ff87ebfad2fa8c1bd0d1a314bd5a2f6503c9c629661efeeee6b586f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1aaf331ac57d48d651b36d9f6089fcb4

SHA1
750b77534c891e2d7ed134b2ad0bec9764c0a6be

SHA256
0cfd693467c479df4d85e8d2062e3d409fa3eb950048608d7dbff30a60c8dd78

SHA512
ddd5d3b90be3ea9bd1ed8a410450f1eaa973b67b32345c135a4c1a5e51624b4fa820d8a2ad06fd9ab616506c7b328820ea443e1c74cf8e921b148f097c7825d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db9924f7a644f6da482ae69dc4393da3

SHA1
32b4f85ec6c9dea12a6f44f36ccd754ebab7060b

SHA256
e0aa53961ec195d48d07ac0c62d1d663ad1c19774210e1dade32e9a6e968e2c1

SHA512
8a1795dd3f442bbef600730b71d1f5ed5beb27a6f7fde9fbfeaba670013759e701e65099bce0a45dac41a307cd289c4e00d94c7702dafe696990df88f19d8a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2a3577eece2f17338f226d437835309

SHA1
03aebf35656ff345309199afa71a7ef6b4ddcec3

SHA256
d5a37f44d41e6004231ee59197d778b7cedda53f57d39401cf6415728e421d5c

SHA512
a446e2c43ec983622d9baeb78a488988019620a463f51bdd639978e7fcd5fde9c1ad7c1de5226b60686904cd70db9ec5d1a935b3a006ec36e865dab0138ae07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c895e6aee5dd64919fc829c8ed33a8b

SHA1
05c80fd2d46b86bbea33e4fb3038a3c677e7cf86

SHA256
bec038163855279d3c1204283ef09b94c45a0fd1b384cc89a20902976846b17f

SHA512
002ffb1146481ab39b896118307128591979723a6f9b5ae91c3cb18c1add6cc3e7387c53a095fb63e50fa9ce05f5e0de84d755efd39b68b34d0da004e67924a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9dc22de9f2abae3ea6c76355253a3a91

SHA1
2ba885bc398e60a1cace70aeb93473f7a8228a84

SHA256
7b3492d6bf23c5a60419006fce2a46e167f2a3da30a23d18b92dbe418491bc08

SHA512
7465cab5ec4b8c0c410b30b4bf0a764a5199331694fc997d658925375e78a0248e9e3cce7d93252ff7c6b1300881a1c2a5b2ca92813acdf2fabe6d0845533808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2bff28224e90f9a2f3b79a60a80ca74

SHA1
91d36a15409364e0c6359768be5fbccdc8cbef11

SHA256
ad61cb63b44cdd68ebbc83aa5c4f15c34710642af3a72b04d551e47fd58ab911

SHA512
807e65b4a60b5776a5b1981616e73123df154b0757f3a87de8a76f3993b30a51010379f471b594f2462f441c8fec5d141129fff741faa526eb465a59d35b0a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2a9fc5ba9c75692b979fa6f45b03d3e

SHA1
0d854a1ef98ec057e3f7313d676a3e2177d85a5b

SHA256
a4a9e08bc3d009074d621001c73e010de9df4e102229129ebd9d00284ba1669f

SHA512
988dde933ebe51c0e51ba17d48484ab514e297a88be9187ce0a1f7d0e1ea31f7cae20cb07654b4df8fdb674ccbd92fdbeb45f3e1026bb3d8405223af392839af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba7c0fa496f8defdef54444be9d93654

SHA1
786b12b5b7f2ad6d4e9c13edca4c165e838f6fcf

SHA256
38fad1f8da3f94a1c2f317437ad6e94fb709501b5dbe0fc810f5396d7b39c8d8

SHA512
f01b37e9aa7dd7c2dd12a87e1480da4db76ef4d0004386c99dcb5b073e81e5138e0fddfb723c807f073fd30c362aba8c06b60186f515d41b2b60c37f4606f3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59df99ebfd8777c42e396e795d00cdfa

SHA1
0467249e815f21ead29d8d45e0f99d1f6cdc158d

SHA256
36d855833bbfc73e45ce38939e704fe39a582ca08802df42d06a59c1ce4d526f

SHA512
697780ba2fdf66863567c5f3e3110ae79deab39d256a07eb2c51af738400ac456b774637f432484e46f22216bc0b154b2ed09b2ba5e284a2ee28710b4c52df0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dc209f8e7ebdbd59f34e9e2a77f773b

SHA1
6c36bde74bc96ff528448cec12aec69e5a142b7f

SHA256
f9d5d8d1e33ff3cc5ac1eb379bd01bb9805f558ed04f5cfa036181257468c842

SHA512
236c00193d710997a6159fd9ec4afaf7b1ab03db781725df81d657d2e582e5491ab71c4701c7cf41516634b7be5a33c9a8042717aa458c2f8beb6cbc2acc174c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7479e62c19bbe7ccb5f7d811b2caf7d1

SHA1
75d0406d41ac4aaeb4456e502dcdd44c17d095f9

SHA256
81ce2afcdaf37ff3dfb362ff2b0a98d47ac4414fc471ec92643f09db8241b476

SHA512
6baddfaeff8bb0733739fd313f7c706112f0c873602698e7757480d654074c8550b4702ede46d07caf5627f79c12eda62a80cc33a8bc8619d08eefcdff561ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc7cae811cde7eb460878674c5fb23a3

SHA1
9d4acb9d29ae5c362e8ba24f559710ca82cfce1b

SHA256
227e9798ccd4688a45a2cf90fe1613466fa013b422c61141b63c73acea782ef7

SHA512
fc63078bbcae85d750c5bff6fbcb35a3a8e287c5525f1838d08434b8533816a15079763749cf64ad89a4738e50ae8df281600d5415bae8ec2f7acdcf6de8db64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
75145364564b8dcb96f1c5ac2ccb5015

SHA1
fd025d96ac9ac8fe4eed2cf583a2952aa33407d1

SHA256
1cbf71781b3d2bc5607a8a00b8a5ae0e411623a7ff3c7e44ceeee534b03aaf74

SHA512
586a071fa6c9cac068718605b1d9999c2748a21de0db850bcd74825ab332d7ebfacf524f6b8d168a2c471e719a2b70c0590f3ebda4faa26675e5f42b4e32028f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66f075fd88462441cd8b39c39dc5dbdf

SHA1
f7049f76748bff3a77118da4ccd7613e38392437

SHA256
7ae3804474024f45c666c61ab196febfd9a29d2a65d61d7894766aa070ccd255

SHA512
d6539b326c02a9c65a87612a0d1bcb5c52b6b8045191df108c20448886a3ae02b5ac393f8be9f63bff525cb43bb31671ef3d64f38ae422b490c8a937587179af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf13210c69224045e6e2c0e55adef9e1

SHA1
814a180969259c7fa5eb420c3419fe2fee1812a8

SHA256
d08dbccdb7e0141aec219f9a99254317e0bd79bd211ea707fc60446d37a118fa

SHA512
01395c2cb3150e8c436d6d8c6269928edc396c4f0dd8524cc3cc58e5826569e1b52252644b28f8c69d8e4e54d8730c8cb0488f8a20aae3aca8d5e090522a4b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b739e9b3f1fec116c631ec3572fe9b6f

SHA1
50c15416cf70956c4292e55fe0077104075bd17e

SHA256
d3a05d9c13337ab97d3c5372dc6641827dab6aa5488272feee68b910437e14ea

SHA512
56152567cd761ee6bd79f42c4fa6e2d65140ec8260d2c16b5ca8223cb00643fa917334948dc4c49172d6f49674d8a3b5546218368dd413f309fc1edd7f7b6dc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d38c118cf40d54042dd4904db7581deb

SHA1
83b7a6610d6d9f6ac314d4cbe8be64e7f1e2fb09

SHA256
76da678df3892e6fbd26068afc9759b8a28d02534056786418d9afaadf831b10

SHA512
14c464078d27ec34e503f76dc6ce6ec30a8c93a19042663637d2bb743bb1b9dea94c9c7f94c2d75b6bfbb8222882663f42eb5acec1087606a73322bc51d4a240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7201cbcca4551e4ba36b1145dee86468

SHA1
ef0fd1572c1c4da3610dee6a47dc0d760899598f

SHA256
ff7c6fbc855f80156c6fdadd0376d3144e07b42b00fc953453e9dd5d825319a4

SHA512
dfdfe75ef7d8526686953fcb0bdfb12c7c6b02f4eabec688b2a194ad6c26fc85b1562564ff2e470729b1dc61f2d22b5890b43dae574057736ab061134dcc1d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f989d025ad6f71272a5234e7d8dfb604

SHA1
06a02637fbeb590a83fc4476e4fd806ff5a5e63f

SHA256
68669395aa2757a378f33b7e1c3782d5a631caceb2918a9a84c85a466a1f43df

SHA512
20c05eca3918285f6a5cf46e11d1893bb0bbc674a78f0427e2224dd0ce6b13b30ac6e164a7b79c78800cae4094d9011f2fd00c6ce8a32a3fcbb547d01a597637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6100b6e03c08d527756a84f085856fd3

SHA1
105291bccc2f91ccf8b78b2d45cef4e5c59e6cf9

SHA256
5947a1bd940194d765e3442b64311f16d4b1b4f054dc45abc019d97b8e210fec

SHA512
9fee8f7cc938a7edfb711ce9115f74b6800144d30643089512945467d564f4118282d036c9c7bc2c7526ee7758ffc938cdd1c0bde17b3f59ad88b70ccd776c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
182ee41f2c2abfc0b6475d01633822e2

SHA1
226976bb11a4c4791411421c2460fe49a40ece8f

SHA256
3fb948d03419fb59e88d4e8abcac954046a7d0c79e15d5fefa6287c17705c211

SHA512
c47d8bfe653ceb3a329d654152eb8512a2261c6c967de613b2825c6001805f08040dee57bc4be9338285416b69d2d8b7580f4b7ba63ed4e3b43fd76e40a631ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0b1fc82dbcb7d8a87805e18adfc77df3

SHA1
701a37a490367dc7d61501d07bf7e87f088f5f93

SHA256
c2eeb659b29b066676d988ada10c7b88fca1e2725bb29fb210f107c1d61794ee

SHA512
4f15e690a82d6f86e99a8edc859b333018438ffbb705bb1513034bc8e1f4725f7a031f1fac4a125796991ee16928932138f02d143107c9bf126fc7c9b170e589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
cbfc2ddcbee360dd9be2b9fe77ed35a4

SHA1
57acce754c5fa8392850bc86ffdaed6625d7bd9f

SHA256
8430dab97356f237338ed0ecdb2dff5b8695dd84d4f9ccee6a3784394c60e377

SHA512
5073d2b45b6b147c572d7872c2aa908d099054e8574ca386863952f641b954e7e1fb8c47d1e544186ed4b4ea8c3806eac0a1b9f99b8271e19755fac4fe5b0749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
02481ecc9f772ac22576626e5e96c418

SHA1
dee8e7fd7a273518ea52e80c7f63a58754c7ac72

SHA256
042b6228580df5e37c7b2c80b66b81711f9f323f3005dbf5856bb5635653f1f5

SHA512
88311682166cab10724312cdf1d50e40941ca75d437a12593f3cf2ba29252cce69f5b4bf89152998db70cad228a3debcdf6967ee6e00b25b7a2552f6b77cde80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
9fef5b8f8da1140498da8355b515415e

SHA1
f4ea73088d065642fef8006eb90a0691bbb930b1

SHA256
3ef1801c979af5776fc104391e3bc7b6cde2e3f49fb2197be7bec8424dbe388e

SHA512
0f9b1e98bdbfc7d24db8027328c9cb4709893c4631a52c5aea8472aa55e2fbb0bfb30b545a53e68a67dabe0a12895d8d7b135be68d10d0daa580bf820a645e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ee3c0e539eb8ca4e28949ea59ddc0b2d

SHA1
ba833ca394af13ddbbd70134f0fa1a83905cf39c

SHA256
5c1d6be6fb3c7abd0bb63cb5283d012b7cf40d2c48bc418d11f40082136fe2f5

SHA512
389b40a5731cb4ce987b919c5efa50f5c5c51ffe63a3964aaf3ed96c52f479fe28a5a57b004058c0642e4e5c0543272f537d742b0aaeea4852e0ee314bc67d02

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
18KB

MD5
82b03f239b58044f1dc310a32f0f0cff

SHA1
58184e5e351719ec9b10bee1693260f4f34e37ee

SHA256
18a1e3a37e5cb38d38d452d2f0ea83b78b915a507ffa9860cac9c33575a3c105

SHA512
884d2835624980f8a8c4eab8da57f93f3b2de8dc4978070d48ce0df355db8a82c291cc8bb7c42703aa55fa11c7180ece5d5bd1877e77ac875fa6155e64576cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
20560b0c7c0e272072ba21623ee59aa1

SHA1
8ad4be0c6747e3ac84a00449ab084122803ed009

SHA256
ba2145b24060375cfabd8684caae595b4f76fab18c72d44d53384c5db12b6372

SHA512
9ebb1ebc611f28aaa24cc04bf136beb09770f64eb5f48c06b1bf37041724f8c8edd30731504b1b52afd3fc2b09bd4873d1e06deccd6d7dd2c3c113cb3ddf22c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
655B

MD5
75c9eb328a32efba6fe14a7461e987d9

SHA1
fa96791453498e98cfccb40936aa53b99ef00f2b

SHA256
3f1503d1b239e456369b9a326a42eac9503206a7d53a47a1d82bcbb7dbf477f2

SHA512
3e5dee9f4af359b7e04ffdcb55ff3e53ccbe5c00c4f3163b6b1c762d69532d1eced21820fb1515cf2600e65dd2aa92e7bcf536ee346a43169f822cc17b357ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a544ead3879d3dafe975e02e7880ddf1

SHA1
e9e5079776fe34bcdbfc20fc858f212d3e4ebd03

SHA256
24460d36e8bbd4cee2d270c2a7f3916b74f4a80757b2b1a40ef12810f0e0c143

SHA512
840061346bf4a219037e59ba5e074273c6f4cc75a248d89f4bc1eab85cb03e5407bac3c7e26816099b28a0cfcc1498db2568b01e68efe96dfb56199f4a7ecbcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0afbb6230de126314ba6accfba7cffc

SHA1
1a25448a7d9ee59e0194c96b3c3e955be1234bfb

SHA256
8d4acd59a4ffbd4d903e27928b7ecdbb1b0d088243f13f8840c354e0b2b6385f

SHA512
e5f2100d40f874a556ab9decbf2b12d20044f88e398f3b80276f296d97cf77f023dccd6f3d338af3b95124b995ed35b18ebd21cff440fc0e409e27e6b674cbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ca794a4117ce88a34e6f5a273a5e90f

SHA1
6c7e785d4fb4425d03e0785546804f2e5663fa5d

SHA256
fdf005d5d6bbb09a2cbab23935c0f8995e5d13e059e27af9908919eb828c300e

SHA512
c8238ea2070dede3c19011f08ec7daca45812b192ebaf3f403a9217ca99dfabd5ad8eba9d7dfd6627e5adec3d3894be9b6fd223340f8f55b2b77f5a6eba32312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e880ea34026c74ab6e43211b5fb0eb11

SHA1
1664db8ae5a87f52208aee2345173b669fedb9a8

SHA256
a448b32d9ce88d114104f9b391a4a31251c4c988e5144e4cfcc5123ffcb7449c

SHA512
e4427b84c7e5bdcab0e4828e22477ec7769d430a5ad3aab06f2825cea0f6690639edbdb52de5f43068fb4865a01e189fd1119461f8b7f6356640c96b21968c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e363caac72ab35dac3a5e4661aaec9c

SHA1
6e50bb6429985a82ffedacdc2dbc7f860c06c29b

SHA256
7eb55a26f62e96b3bb2effd569d887b4f017044a291cea0dcc83a159df3d704b

SHA512
de7f5033efcc9fc14445b1081f0e8167744481101715d0543c1c1bcace10853647e39daf403f7276e15efd8ef0325ad80f3338d88f2fdc0c250abf380a7dba64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
8e1ca7255dfc9513a302bfb7e39fda34

SHA1
cbe7bf46d42a8c91196ca1c4218cfd83a8b9edfd

SHA256
f559ab4972b2495a1bdffa768d0e9824b2ef63c1ac3a51bcc7140a3ea78c95c3

SHA512
d8592346081d228331f388cd7ac65d97de762501a68f4d45e5d72648c49240123b121be45dbdfdbbbf64af96c9a4d540e5057811422e8cf6767f1bcc34dfcdf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c88df.TMP

Filesize
372B

MD5
2f7b39226cf885961c210a5288637830

SHA1
c87c6eb2a9c54027f7dedd532a4d3588f5783a03

SHA256
d5556a414bb2455598f136b0131343a97b3da02cb09215f5f9fda8a9dedd2f10

SHA512
83d66e4abe342fb8609d3ec5afc76a47d48baba9362adebfde95234bd27730739b52103ba2cc194ce0ec81e961de74dadc97be676a6ecd4cfc63b77320ddb3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aee7d04f53a03833390df1b0fb8a5c79

SHA1
37bdd14eed5b2c1c3eccd0802c6e6fdb92f77996

SHA256
86c6db9e20f765a67ebf05551d509bfe207880120659b85916b218fe8e6f8508

SHA512
bd5ff886c180f45681fdc0dbae2ecc8054749df07bcdbabc69ad6ea657d4a1b98025561808aa6234b79b1e83be74bcfcd360b52bc2e2b82ba27c3e14e5d61c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50bdfbfbe5cf158d6777fc833a05fc8f

SHA1
ce374ff22f24b6f537ec552fff80e7e7cd675952

SHA256
216b6082fc86673f6f83790b56e36ebe4f075d143a72c9ddab3742e3474670a4

SHA512
5540499c00acf659a1c6d6cdddfd22dc18f357ac5d91edaf4e7d7e2556d3f0259c60bc5f30ba094d8b72d4dd7bb0135bc1af81047bd82f0781a14b47307f8e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d665909365a4f969d00879858549812c

SHA1
5c2d7225fd63a6e7d1629527f3bada8192dbfb9c

SHA256
319d9329fc793fb38d424263ff9098bdb04f91eac15cc2f587651ef1b66f06b0

SHA512
538cb8c8008b402c6e71fd6fc3eb6cca25d4550f704e670eff6c37857600d954b09bf3bab5f8d727f91d9efbf89c330cc26764a183739b407257b8df16410777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40bacebb16ae88fc3cf9e9de59a68447

SHA1
ed82a803dd9f01eb93abd36f9f22cdcfe42b9f9a

SHA256
3ba4d233649782222de46395255c45109840e6bc82e98d66936f4a4864a498b4

SHA512
a6c6e1bf5c507a81fb8b77ebecbfa28dc2b9cf7cf722e09a0a49bd698befc1622984cf69fb7b228ff54f69b00deeb7d33d5aa222434d6d661863cf1d68dba868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
361259c2a2748c44bb1a78c7951aed08

SHA1
eef24b2b935b792b0f72efe943cf712ec4936b9e

SHA256
49b5a8cb3c60c69671585b5cd7bf624b80902e3f31bc6d8a61b30250347957fa

SHA512
a83671a640f8eab018ac0a65784fef37c185e2ed67a2d51be4a09e5b21b536a21b9f3891d6323e8b99355287e8c88364ac9f6b5fb55c3330067fefbf5be699a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dab98f8bac44f4b8ef5bbbc7d2235d24

SHA1
03c57bcc5d6d4fd54ec0fed799b95e2fa7539ab0

SHA256
3cf279205bf4260e82213ef67587845f777abafb264eb8f69944beb6e99026aa

SHA512
c1912d512b8e3595fa7b7ca54b49c86c4c88e39069749bc6691d010c1e7033a5453dddf18f2cb260019911dd7a4690684236beb300e93783dfe220b61ddbbadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
49378ebca9eee3209637225717702414

SHA1
0fb8c4568992c1ed04a912c406cd8301016a6b7c

SHA256
275ad09b940cf730e7a28519d8dfbb3642eee40b62f26de14eb9916b7f57d1c0

SHA512
60f5e270d56856e164b04f53bcad8e227401b034c09268f1ea07affb45f2f71e0f23018efeeb61fdfd8ad97a5d2e78449162ddceae9821ef1b56006e377d784a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.Core.dll

Filesize
915KB

MD5
100c32f77e68a2ce962e1a28997567ea

SHA1
a80a1f4019b8d44df6b5833fb0c51b929fa79843

SHA256
c0b9e29b240d8328f2f9a29ca0298ca4d967a926f3174a3442c3730c00d5a926

SHA512
f95530ef439fa5c4e3bc02db249b6a76e9d56849816ead83c9cd9bcd49d3443ccb88651d829165c98a67af40b3ef02b922971114f29c5c735e662ca35c0fb6ed

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
516ff62b2e1f4642caa954c0968719e8

SHA1
e349d0ce82e2109dd0d18416d9cf46e8411b7f15

SHA256
19da58849cec5933860116e60a1e94b08e30d90e0f955768270b47998d612045

SHA512
7aa4a0c87b29c2a84f585a884d8208fc2352a43f2cdb549c100e3b121837ad5f8dadb1101f57d1d3fcb7ebec9d9f22e07dc14239b7d2e2d25793c999becf288b

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
09cba584aa0aae9fc600745567393ef6

SHA1
bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279

SHA256
0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5

SHA512
5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.dll

Filesize
898KB

MD5
1bb24b22d9bd996c038d26b600ed18a8

SHA1
c2629a8a26c9c0969501923f84874838087cca2b

SHA256
944b987a0b677d354e24ee15bba65f73b0f051338f576234a975a49493399873

SHA512
38578e0d1a39ccc9851ff80d3a0f5342a34303229e2898c3ca32dad11017d4277720f54b472c2f1a0b73f47d5ba6352aa7be8ae2ed72b3b25a01dd8292591421

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.Wpf.dll

Filesize
114KB

MD5
ceaf0bad83fac8ce71853cd820e4ed9d

SHA1
4eed686fbba7d4603b596fb8e494b8f452a05886

SHA256
eaced1f76adb8ee756033baee29a47b1f4d4b657ebd105a7e25c8dc4fbc48cba

SHA512
4ed3f83e797eade8f0d1c6b80ce49d18f00daaf5d69421a4920e3cea2e7d78c3622193ca65b6ab1dab14c57e7f893a7b1edb27b83f343ea4df731d80aa21ff82

Download Submit
C:\Users\Admin\AppData\Local\Wave\CefSharp.dll

Filesize
272KB

MD5
9ca06a8f9e5f7239ca225ab810274023

SHA1
e1a219f567a7b7d3af9386df51b14c76e769c044

SHA256
5fd00ae3e83e6ca156647ff6df87b49ffc7cad47c23fe3ae07c067c5adf6f74a

SHA512
430c9bceed5439b987d5bd4840cfe32411ca61594f18597aca1948aa39a22c9d70beadf3bb9b1dd0373f81a94a25dcba17fa8e8c73abf06cba28d0971d5614c5

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
C:\Users\Admin\AppData\Local\Wave\bin\Background.mp4

Filesize
4.6MB

MD5
9782180eb68f73030fe24ef6a1735932

SHA1
589827fe098ba048c9f871a28db8eae3e3537ff4

SHA256
3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

SHA512
dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_100_percent.pak

Filesize
667KB

MD5
ae195e80859781a20414cf5faa52db06

SHA1
b18ecb5ec141415e3a210880e2b3d37470636485

SHA256
9957802c0792e621f76bbdb1c630fbad519922743b5d193294804164babda552

SHA512
c6fef84615fe20d1760ca496c98629feb4e533556724e9631d4282622748e7601225cf19dfb8351f4b540ae3f83785c1bcea6fe8c246cf70388e527654097c1c

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_200_percent.pak

Filesize
1.0MB

MD5
1abf6bad0c39d59e541f04162e744224

SHA1
db93c38253338a0b85e431bd4194d9e7bddb22c6

SHA256
01cb663a75f18bb2d0d800640a114f153a34bd8a5f2aa0ed7daa9b32967dc29e

SHA512
945d519221d626421094316f13b818766826b3bedddab0165c041540dddadc93136e32784c0562d26a420cb29479d04d2aa317b8d605cd242e5152bf05af197e

Download Submit
C:\Users\Admin\AppData\Local\Wave\chrome_elf.dll

Filesize
1020KB

MD5
7191d97ce7886a1a93a013e90868db96

SHA1
52dd736cb589dd1def87130893d6b9449a6a36e3

SHA256
32f925f833aa59e3f05322549fc3c326ac6fc604358f4efbf94c59d5c08b8dc6

SHA512
38ebb62c34d466935eabb157197c7c364d4345f22aa3b2641b636196ca1aeaa2152ac75d613ff90817cb94825189612ddd12fb96df29469511a46a7d9620e724

Download Submit
C:\Users\Admin\AppData\Local\Wave\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\AppData\Local\Wave\locales\en-US.pak

Filesize
456KB

MD5
4430b1833d56bc8eb1f7dc82bb7f4bc9

SHA1
dc15e6306625f155683326e859d83f846153c547

SHA256
b44ddcfac9df4934007e6c55a3c7f5e7f14c7e5e29f35c81de917fc3b22aabbc

SHA512
faf93bf371b2a88c1b874a5e2c54e4487fd152ad19c2a406a46f55ae75ecd421a779888c2e4c170857b16bfb5d8744bc1815a4732ed50b064b3cbd0c5ffad889

Download Submit
C:\Users\Admin\AppData\Local\Wave\resources.pak

Filesize
8.0MB

MD5
4933d92c99afa246fc59eef010d5c858

SHA1
98d443654e93c73dd317f9f847f71fba3d5b3135

SHA256
62f4674daa15245ee081920b8ee191e72f36ca8fe24f6b986a832f45676915b2

SHA512
a3a69523c8e7310716daeebc06c2ba4fce673eccd1958e824ff179b82f4502d0ec095190179bbb387342e4150f952ea7533182fb6ba90377d17dafba8f4da623

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8b93ab0c0dcc936d9f8483fedb2e7a09

SHA1
30ea7861aeb3249aef3cb5d081f2b18b823cd828

SHA256
745cf86e78d4f114394224bf043bd5b4eb3d43b181989f8b2e54a723233fc526

SHA512
ac77513690b1c6e00e99f66c8b46df4279bb36345572ba0ea8653552b88ca3145ce6fb3bd4231d768d7298619ee3bb66fcf096886aaf5e9c76239f8ee96de500

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
5124824b601e2e7d1bcaf6081bbaa69b

SHA1
a29fe83348b6982a58298fef69156da0fedc8db9

SHA256
f0b9a6c4b8b8c74fabc97e1514a41bd529f0c56ce05604a28296af48809bb37e

SHA512
b4598a6be5ec7b0d57a7f825b68c40053ddc4dff831dcf8aad0a993c48f4de232a64ea75ddfb7f2f9746ea5e1e6a344a57bd93c24f32dcce1f163ae60fd564c3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 288293.crdownload

Filesize
772B

MD5
9746d6f18983b91674c725d07fe7bffe

SHA1
439f32622eb4fd1bfb2033d7ba400240cc9a91b4

SHA256
94b5578309ac88006fd69901b860216862d4e6535ac635e0b0bb1be6a6a9d67e

SHA512
8d95202ecab0a8aceb28e371edb855a124b953c2dab49e4112ac01808651c490bd4d5f5349c7ed415841d3bb00b6041e24d4a518760a2a25f8a6913c1d29b6c3

Download Submit
C:\Users\Admin\Downloads\freemium-tasks (1).htm:Zone.Identifier

Filesize
110B

MD5
2555eda35bde8f5feb53a40414e19990

SHA1
8fd6752d09a69ec64d06a10695df2f16c8c5fffc

SHA256
0d5c3d33533a0e14f5413db0aab264b6b754dfeceaf579674657562beb210b85

SHA512
bcd08763fd11b1faa5ab5272d318467e45f97550c441f43c9ce8320c3546ad280e7a69d6aedbe58793524ef2340485cb32aafafe0ba8a26756f04e99a075260d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3100_1112527996\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
memory/2696-613-0x0000000000580000-0x0000000000588000-memory.dmp

Filesize
32KB

Download
memory/2696-621-0x0000000004F40000-0x000000000502A000-memory.dmp

Filesize
936KB

Download
memory/3016-424-0x0000000009CF0000-0x0000000009D06000-memory.dmp

Filesize
88KB

Download
memory/3016-420-0x0000000000CE0000-0x0000000000DD2000-memory.dmp

Filesize
968KB

Download
memory/3016-426-0x0000000009DD0000-0x0000000009DEE000-memory.dmp

Filesize
120KB

Download
memory/3016-425-0x0000000009D30000-0x0000000009D3A000-memory.dmp

Filesize
40KB

Download
memory/3016-423-0x0000000008DB0000-0x0000000008EB4000-memory.dmp

Filesize
1.0MB

Download
memory/3100-548-0x000000000D300000-0x000000000D310000-memory.dmp

Filesize
64KB

Download
memory/3100-564-0x000000000B6A0000-0x000000000B6B0000-memory.dmp

Filesize
64KB

Download
memory/3100-584-0x0000000009360000-0x00000000093AA000-memory.dmp

Filesize
296KB

Download
memory/3100-580-0x00000000092E0000-0x0000000009304000-memory.dmp

Filesize
144KB

Download
memory/3100-555-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-556-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-563-0x000000000B6A0000-0x000000000B6B0000-memory.dmp

Filesize
64KB

Download
memory/3100-558-0x0000000011990000-0x0000000011B18000-memory.dmp

Filesize
1.5MB

Download
memory/3100-559-0x000000000B6A0000-0x000000000B6B0000-memory.dmp

Filesize
64KB

Download
memory/3100-560-0x000000000B6A0000-0x000000000B6B0000-memory.dmp

Filesize
64KB

Download
memory/3100-561-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-562-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-557-0x000000000D300000-0x000000000D310000-memory.dmp

Filesize
64KB

Download
memory/3100-552-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-550-0x000000000B6A0000-0x000000000B6B0000-memory.dmp

Filesize
64KB

Download
memory/3100-549-0x000000000B6A0000-0x000000000B6B0000-memory.dmp

Filesize
64KB

Download
memory/3100-545-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-432-0x0000000000A60000-0x0000000001262000-memory.dmp

Filesize
8.0MB

Download
memory/3100-438-0x0000000009C20000-0x0000000009CD2000-memory.dmp

Filesize
712KB

Download
memory/3100-547-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-544-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-532-0x000000000AE30000-0x000000000AE38000-memory.dmp

Filesize
32KB

Download
memory/3100-531-0x000000000AD80000-0x000000000ADE6000-memory.dmp

Filesize
408KB

Download
memory/3100-530-0x000000000A140000-0x000000000A17E000-memory.dmp

Filesize
248KB

Download
memory/3100-494-0x000000000D470000-0x000000000D99C000-memory.dmp

Filesize
5.2MB

Download
memory/3100-493-0x0000000006270000-0x00000000062A8000-memory.dmp

Filesize
224KB

Download
memory/3100-468-0x000000000B6B0000-0x000000000BA07000-memory.dmp

Filesize
3.3MB

Download
memory/3100-467-0x000000000B3C0000-0x000000000B3E2000-memory.dmp

Filesize
136KB

Download
memory/3100-546-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-433-0x0000000005D80000-0x0000000005E20000-memory.dmp

Filesize
640KB

Download
memory/3100-904-0x00000000059D0000-0x00000000059DA000-memory.dmp

Filesize
40KB

Download
memory/3100-588-0x00000000179B0000-0x0000000017A96000-memory.dmp

Filesize
920KB

Download
memory/3100-592-0x0000000017AA0000-0x0000000017BFB000-memory.dmp

Filesize
1.4MB

Download
memory/3100-554-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-551-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3100-553-0x0000000006B70000-0x0000000006B80000-memory.dmp

Filesize
64KB

Download
memory/3580-923-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-926-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-916-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-915-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-922-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-921-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-924-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-917-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/3580-925-0x00000000098D0000-0x00000000098D1000-memory.dmp

Filesize
4KB

Download
memory/4328-173-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-166-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-165-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-167-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-177-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-176-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-175-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-174-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-171-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/4328-172-0x000001E49B300000-0x000001E49B301000-memory.dmp

Filesize
4KB

Download
memory/5116-10-0x00000000748EE000-0x00000000748EF000-memory.dmp

Filesize
4KB

Download
memory/5116-190-0x00000000010D0000-0x0000000001166000-memory.dmp

Filesize
600KB

Download
memory/5116-192-0x00000000010A0000-0x00000000010A8000-memory.dmp

Filesize
32KB

Download
memory/5116-191-0x0000000001170000-0x0000000001196000-memory.dmp

Filesize
152KB

Download
memory/5116-194-0x0000000005640000-0x00000000056B2000-memory.dmp

Filesize
456KB

Download
memory/5116-422-0x00000000748E0000-0x0000000075091000-memory.dmp

Filesize
7.7MB

Download
memory/5116-196-0x0000000005610000-0x000000000561A000-memory.dmp

Filesize
40KB

Download
memory/5116-195-0x0000000005600000-0x000000000560A000-memory.dmp

Filesize
40KB

Download
memory/5116-11-0x00000000748E0000-0x0000000075091000-memory.dmp

Filesize
7.7MB

Download
memory/5116-12-0x00000000748E0000-0x0000000075091000-memory.dmp

Filesize
7.7MB

Download
memory/5116-8-0x000000000A040000-0x000000000A078000-memory.dmp

Filesize
224KB

Download
memory/5116-9-0x000000000A010000-0x000000000A01E000-memory.dmp

Filesize
56KB

Download
memory/5116-0-0x00000000748EE000-0x00000000748EF000-memory.dmp

Filesize
4KB

Download
memory/5116-7-0x00000000748E0000-0x0000000075091000-memory.dmp

Filesize
7.7MB

Download
memory/5116-6-0x0000000005440000-0x0000000005448000-memory.dmp

Filesize
32KB

Download
memory/5116-5-0x0000000005430000-0x0000000005438000-memory.dmp

Filesize
32KB

Download
memory/5116-4-0x0000000005560000-0x00000000055E2000-memory.dmp

Filesize
520KB

Download
memory/5116-3-0x0000000005380000-0x0000000005432000-memory.dmp

Filesize
712KB

Download
memory/5116-2-0x00000000748E0000-0x0000000075091000-memory.dmp

Filesize
7.7MB

Download
memory/5116-1-0x00000000006C0000-0x000000000090A000-memory.dmp

Filesize
2.3MB

Download