344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Analysis

max time kernel
1767s
max time network
1590s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

waveinstaller official.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

WaveInstaller.exe

pid process

876 WaveInstaller.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2764 2288 WerFault.exe waveinstaller official.exe

pid	process
876	WaveInstaller.exe

pid	pid_target	process	target process
2764	2288	WerFault.exe	waveinstaller official.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

waveinstaller official.exeWaveInstaller.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	waveinstaller official.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

2784 chrome.exe
2784 chrome.exe
2784 chrome.exe
2784 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

waveinstaller official.exechrome.exeWaveInstaller.exe

description	pid	process
Token: SeDebugPrivilege	2288	waveinstaller official.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeDebugPrivilege	876	WaveInstaller.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

waveinstaller official.exechrome.exe

description	pid	process	target process
PID 2288 wrote to memory of 2764	2288	waveinstaller official.exe	WerFault.exe
PID 2288 wrote to memory of 2764	2288	waveinstaller official.exe	WerFault.exe
PID 2288 wrote to memory of 2764	2288	waveinstaller official.exe	WerFault.exe
PID 2288 wrote to memory of 2764	2288	waveinstaller official.exe	WerFault.exe
PID 2784 wrote to memory of 2828	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2828	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2828	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1684	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1656	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1656	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1656	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 2816	2784	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\waveinstaller official.exe
"C:\Users\Admin\AppData\Local\Temp\waveinstaller official.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 1556
2⤵
- Program crash
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8059758,0x7fef8059768,0x7fef8059778
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:2
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1628 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:2
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1360 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3904 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2396 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3704 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3856 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4132 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:1848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4140 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:1808

C:\Users\Admin\Downloads\WaveInstaller.exe
"C:\Users\Admin\Downloads\WaveInstaller.exe"
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4180 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3972 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1960 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2068 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4048 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2620 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4268 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:8
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1064 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1068 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3964 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2468 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4072 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3972 --field-trial-handle=1320,i,7460870219315458719,16520991388806782582,131072 /prefetch:1
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2208

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
3327b16010008c0ba52e31ee10107a2c

SHA1
97ffa44f992083838edb59b7165c1b5b50cbe6ec

SHA256
b3b48e1ecdeb76cf641c81fa7b9fe98be48e24e1b62ec50f58fb45e34e6f51a2

SHA512
b2fbc523009c9ac494ab764fb7a6725968d177df4cad5c8d37cf39339a92d5b5cfbb2a1d44551076efec290a13b29297a6f7d5114cc8faef9f125218baa37747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
57bc3a05c97e2d956b7198a74c6c3302

SHA1
83c0bbfde11a728b07b97e5b77145e1e2d14dac8

SHA256
81c730ffbf443c26639ac0bc0bc5192f48c5f8d30ce0e0984461c0b9cfed06d8

SHA512
97203c04f6998b02c721608729f2eee098dee747c3cc1d803f6e1be67b04738be5ee1d9f84f3496172b0d08b806ddf3c084faf8b75c58fe4f911338c4275d2ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ac54e032e2169d3853f60087b0508558

SHA1
13d1b95b05726ca7140bddebb43132d761b9ce98

SHA256
f37ce4e71e4cbc587ae28cd0581e0ae80dbd266e287b80fc0613c48c18a77d08

SHA512
033d3aa67a373db54b1f0edfd512b9f32f7735f0508f9bb27f2c1a3556db5b88e36039c3e2b1df8dac31495db94f004c04d431eff3c1a5d67f537cbd6a542d3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5ff85fcdb8ddf83b562f828c57d4fdb0

SHA1
dfe49abc8621a7b5a80f666906a274c6e1515a39

SHA256
d40910a6d09bd05fe78e92af62bd68fb8c632462be074941e4db1dc476e9be1f

SHA512
1ab6ca8f422db0c13841fcd99b5d2fc81fcc685d6871c42a0da725057034522f46bfef19da817db011b43b2910788059d4cc5a17d6a7c1d32d148340ed1599b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
94a5bea7d37af5a3fdb567caea0a5da5

SHA1
6d1ab50638dc02d03c1dcc6a83e5b8fc170ae412

SHA256
1cc4f8600475fe3b694deac72ed1218e645858b3d48f291ddc9aaaaabb6ee592

SHA512
68c467a983ad2c9cbf5c3f3e2e4c87b0a7270b45849fced21538d3cda3ac6171090f9bdeb7a26253647d5b035597e21f610e39c2310b5f9ef184af0e7c936892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9d1bed0ff23f2d59ea7cfb729a16879a

SHA1
bd400826f0f381acd43eb54a839b458830ad9579

SHA256
950ad33988569beeb2dc0a8ed2b0ae524102290b61146ab7f5f56278f3d776f7

SHA512
80bb97a054cd6e13d24c67d3bb7684998653468bd20a43b09cd106e19d50d1d68d421644f389c71ea8684b9ef0cc9bd62723502e6faab9fa31dbc9025c2b1cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
99ab8bbb66f7bf69cbde8924c88e56c3

SHA1
ce2655ebf531ba20a1b19ded08b52072c16b711b

SHA256
9dd4b513c9b0294196d9093f1bdd524ddf5bc421da973214eed5af79dffd3fa7

SHA512
8617aa1e13cf52b4da36cf00c5a4ce8a0dc8e864214b079c11944be00a36844ab14df227ff9281c48d1b75d4e364f8cff99c446122f79cf1a2e27f734776166b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
ba58bb8966db8c05cffb44a4bab4eddb

SHA1
7f3c6cc63f6eb213a49cc56b93228d70e0daa979

SHA256
fb6bc70dc6d00f0dff9ff38cfcdaa1a0baf435ce8521a3d7502b9fe12dedf739

SHA512
5ebe7b993d1b20b64cc5d35603641d9e0e685572a379bd07d3047ee9cd787a17ffbd41a5ea9851e8af73bab4d7fe15c02488b643328474ca6b005f5bf8c07964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
8ab905fd62a872269f0b85df5a63487a

SHA1
72242f3d1ecd81bc8a9272c9aff59cbfa651d6e7

SHA256
c0ba7941fdb4451e5b79f9bddf74d6b1354a0df1e4f5b9e01ef6a8b01cad9b4a

SHA512
d515e9caebf9973c127c33ad2dc30425fce58351b94d215dbcd67803eae9683c708f97a772d6b6b556c1a86e6b324265ccf578a65d62cdecaff489641d97bf90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
fe2583d7c6c812a7bee2f29917024e55

SHA1
8fe61ecf835d62c41be863df3f0b4a4a83e5104a

SHA256
ca5932616bf6cf033b823e14a943d2221451e650e1139712169a2c0dcfb2ea13

SHA512
a305f1323f47852a43fc7d4e76e6d47bb340ca03c38bd841f192ad06cb43ccb277cf8e6c75c2a235a3214f85c5d277b3da1caa5a13e44880bb4b06780ec8cbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
f7ceedb1ccc7e802b03375e1a5d4b52a

SHA1
9e16c5a5465cd9a5e76e8187335cc4068525d2e6

SHA256
8c77cb994dde17aec2156dade51e6a0886698756e6d0c4fd713c1704bd1153cd

SHA512
744ae52a1450bcc5ca1c32210f21976a6c3c22078d60b65929d43260656d8ae0fa533cf3eeca10a57b9a9b2fad5bee15e879111a09aba9e196b0488d10fb7071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFf79bcca.TMP
Filesize
2KB

MD5
2fbe0e3c032b958dc75953918b3d5b7a

SHA1
712be8c60d9caa73ae79e2fdf0225531ecfae22d

SHA256
d050fbe91aff3213a3bc9f99b4212cc04ad6f9e306192da77448b3b20ee3110e

SHA512
624416789d8ed9e56c69780365d551287aa995c964da6a9dace4269fe640310572053692c004c75f8cfb25cfc8d416cb7177869ebcac65d7b0e77261ecda9c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf7957d1.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d870ec18bc78d7676287417358ec5eac

SHA1
1a3ffe61e08786eeede8c812ad702c008c863e84

SHA256
a19f1545ad81004acd246dc00e55468c1def41fb2c1741d9aca30de841a92426

SHA512
3cabb17484bbc36481372a6789426c095f88945df430ac86953d880f87cb0dc11ec492baba2ec264ebeb42e6c8d75a08b0ce192ac1fd9e6bb2798634d72b63ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
89e9923977f3b9089c6aa058949dfcfa

SHA1
e7c064225ee56548dcb7d71b6b1d8dd2b7b61467

SHA256
bd8c3844b161b9802e2ebe0439dbd8875e81a648f8a9cdf82d3cff25c1e14c50

SHA512
af3403314eedf85e4f67f1d7fdb4c570b8afbe6fc887b369e84933f36027bbe75ced1d87ccd91f3dc20d27dc8bbade7c6d7590e2a0cefab1141190b2b1fa3bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ce04a385ce43807dcc3ee85cfc1f4daa

SHA1
91137d8fc682cf7747cb239427fcd2b0c0820956

SHA256
3b393f855d557856bd3e69aca9acb5fb041892c88d8f9bc2be3caacaa45efc0d

SHA512
72d57d48b369eb23c4c135331ba1691a25007cab0e74c7f87665414dabb6298f236f79c397773c1ba281b8f2d60abff22676e65cbf9833e2a0efa859d2b63073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b77201b548d22703fb1ec7406b67f25b

SHA1
fcb0213e9a92c38ee33e2458c1b36e3f610211fd

SHA256
4e5895480307db9dbd4c61d536b60f5b31779a3bcdf762a60505bbb06875060d

SHA512
e4865f610c8b32487bda66eaeeb8175bf288a08b3d193517ec89db6c81f0134c149feacc1eb5dc20b486ca923977bc50cfda765e079b80c4cd5e985ea2d65fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
0994072eeebc6823ea336c294883e261

SHA1
2f7c71acdf691c5a5b1619302f05b598e6c34e16

SHA256
2e100cfd48c7affd0c60599fce19cd3294037463d99c40a2492ae3ebd20aeeb5

SHA512
fc78ab89878e95c98b9bba51257089f40d83065e1978cf2d82775e0acdb69f4ba5de8932aec4702d341c4a58edcb6c1fd9eb78a606cefa3923b925a480558876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
61377f31cb3c8b8b48e2a06279ee6992

SHA1
15691f0a19d01f207995a305ef2b4267ac101d90

SHA256
a86c1e75ea1c3eec0cc7c4e0cf9efb5a76e33b91b073fc3e221f41746350502a

SHA512
130eb8c740bb6a06921a06ef06542b6ae331851bfd703fa79b66e2ae87a9efa18c700c2c1ccdacc1047c681f4d46c9e2effda13f67b68576616cae6aad0fdd21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ca080b21741804e1ed0ea1f0778077bb

SHA1
7a542cd1da661a69300de0243ef696f1fdb67ce9

SHA256
4f8f39fb6eec9d576ab61d21f8ace55db3c27d45867a3177038cf821d424a9fa

SHA512
3578ddcc844720fb99e9e65425f9e5520abb2f04fcfa7769fe795a0cce7ee3d2011a80f49dd7d0a511ac412062170bb92868e8fd6673122e915c5dfaf2c2b978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
70586e2b794e7715f3185d0c81950d4a

SHA1
7d628ffd2231eaced8e40156da8f4ae4a4a8a7eb

SHA256
3e70d9255ab1a1eb1e611cdbe9d5994721e6132d32c623bf205d6b8b7b466492

SHA512
2b7e70423f0120f24b8cdd7e75049feec99be9a8135aca10b177a79edf9189746d36392ff8b56e11f1632ef2b8e6edebeb3545cc14fa4b47a719389710c325ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5dc1b92ddb9a8704eb397c68a1b21288

SHA1
f2a15bba04a93b301d9d738514d27af416d10529

SHA256
020bd95f330deefb2425465613f2cac476c4870027695c8a12c7c20f3132b513

SHA512
54462255cf27f7136dc97ce0aa657700198add88a51e90f8f253b3c53b97dee58675f46cb4c29d8ba86adc9b4d7197a46ad0617427da3becc40fcc81a9a612b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b254fc3bb3a67419393319919e8d839d

SHA1
0ecd3e0e8b8423c7f01f8964b932e223af65e3f2

SHA256
752260526d64c4ba29f254ba029cd05393af8e101b43fac9e8d96b9164a782a4

SHA512
5070ffc75d16cb6d907f605ed5131eb06773fdf9ef0390d7c022796ad673443731476abc797c94b9915c93c0a6ed19070945fff06b71995b5fa2aaa6484d58c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0eb8cb9588e865e6cbd9f5e535df04c4

SHA1
490d525b3b0587e088283442cf34da5a7dd5aea8

SHA256
0eedf4de6706545d31169bd9e69080dd4d030aa8d58af791c4223e119df95327

SHA512
64c3a185a63bb6058ba0b88d5afd2be5e587bfaf55cce7a08001d55fe5b8bc257cc5fa1a484240b52634016c865b3ce355c95e1e5ee0d536ba0034cf1bc722ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
359B

MD5
a0dcdca9ac266cdc213ac604bbc1866f

SHA1
238705a2071b143fa8f4c67d35592587a955fa5e

SHA256
80737e4053f26203db891427b0789f10129fc0e51cb14b82e1e2a5cd033c39db

SHA512
77701999c2dedc9c3511ccb285f87ee72a2db1fc4a72c40b3a713df131563e763158df6e6075b17053172d833c66e02e099d163da226e7ab2b35a2567586c94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a0e74122544f9011e23abc2a7b12a8e8

SHA1
1279d105b4a984561aba2fb7a8b74230136decae

SHA256
12d4465a5432059aa13d2757fa6ac3bc90c97e89452fb9eb26aaf274699e0231

SHA512
55cd80c620cf0518980defec4e1e071e0d1e6513922865e0bc7bacc2402af87a631bc9d386210b982243a04cb0a86d0ed4fc68da7a6e2d663c2c70c63b98cc62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5907cae7de22f190fd3323ec2ed63e69

SHA1
797395a99708fa4f927d804936fecfa907b094b3

SHA256
34584ad1719c9ec6e5cef0365f688f34638f0b9782cfd61618c83c409636c18a

SHA512
7f16ee87e0a5ec1f64d4efb273b6a0e4dbeea1ab33a40605ed0f7e9fceb41cf5370e84f5c512638d006926ad95b15a72ca5c2de0690b0de06f69f52b7837496b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d2958d1eb28866891285d1c8cf1eba19

SHA1
3dc1f2904ee653af6519da86678f739b5f6e6bd3

SHA256
3d515eec9d77a8735bb0d974e636053757d04ce2ec5b9bbd52c8bc57003625a3

SHA512
121773ebe3ddeb4ea4ef27d532ddd5fa0ddb9be3553e5858b74104d113b491c4ab524b6a2abb30ee96c1906ced1dfad61bc6ee66cf43f723fadc149a7afad723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9c4d6b4458e0f20a2d9e9bd89e77b3b1

SHA1
d19db3d14356e8ced43fef539a239e26d5f58a73

SHA256
0dd2016f3dd3a2cb0e5670b999dbf944e6eefea40630cd10d4bf0f5cfaef44a1

SHA512
d8a43110982849965a3d5caa066e937e1b8352310de8917f397bdb6fa83260c13243797969d29c0aadb602e28bb1c2060b311bbc8ea2a145319fb1ee29ed1049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
dbde74c0028befd3f9e9d61978104b8d

SHA1
ddd8e4deb443897f4d0987a06bd23f3f25c4f479

SHA256
8b153f9bcb02d771b967dd48b2f0587dd0eede5a02c2d292084c56773c4ccb6d

SHA512
1f4c37b85e7a496c8bfb136d67ea25de1066414a75a96a432fa59c7a6ebbce33e2a94d690a535d559e52e926de8e748b22a059d3b4fb5369b9b138f7feac5af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
36615a031a9cfa13592cbd99805ce65d

SHA1
aa9ffd5908fa359d21f35698e7b5fd987432466d

SHA256
c12c46ad66236060915aa783da405597692ce8ede8136ffd2d14a52878b8acf6

SHA512
9faed6acb1a0461213687b137a18c0157c758c3575e0f1ab7f2021c4cf34c679829a9470ddcd2d8d61c7dd32e4b2dc3312fa5c2d6ddb4f68dcff9b37401a3310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
071587337b5989c8d81da215747a5b6b

SHA1
b4ad64c8d004c52257a05386bfc022670e3682b7

SHA256
4d653dc87d03ecf7e86e0dc2d09b13a5510d4ffbdeacd316a681c1256a421f5c

SHA512
6aa79bfbde2be90267749eb42f47ff931d6e4f089ff05bd8a63e0872b4d9eac7b00a475adf86ff8b9a909bd181dd9202b06aaab431dbd4d86dcfc48875cd4e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
63f5bb119aec6d904539a824db8f5e48

SHA1
cc206e13c0fe70c2e04ae9b6999e9c1ab7c64f03

SHA256
87dfb78250f6648b1503cfa6b4197f8c28c286d9cd505ec0100797a8d8696263

SHA512
72740809a55950e546701421397223d1eca541fa4e166da54fab640d4b549cf308d820d0746baee667850b86a6271b61e50add2bbf33ac014d123d8737df92f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6df14d2f25742b4be068237274abf0ad

SHA1
147884a91b0aba1547801189bc601dadfecf861e

SHA256
0d37484bd48ae9ed8e1bcd452095df6dac874eb4b8cae3a794b7e0a329cefbda

SHA512
f41f407e8a4445f758c7acf845db0c64527dbaea942c2b547506eadfa9817ab70e4fe695af55ef912a68d64bc961b060022d4dedba0424b43a9a712d3eb4c177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f007f8e9788fafb8b9dac7c956420893

SHA1
d603b374de9164f3cb0961939610c4e24fa5c139

SHA256
11c60229f68e73f2fe507be6c4741bba989aff9673cdc852d26d984764922a35

SHA512
93d9240fc77ce7958f9f05a41cc0efa8a4448ff9dbdbef1eb0e7d59ddcadd320ff2be83edef7f29264f75a034d0dbedf225b5abb99a111e8032c1a4ec0816593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
097f1ed79d08215a016196b3f389a929

SHA1
8e7cf413bb75f433e8a539fedc6f2f3592e7d380

SHA256
2abbe33ac7e9adf01175093ec196f4a3cd7f6e5f6671887c085299f4f5e592cc

SHA512
b624ec0ab012cb796b5483f5fad5746e9c71b9b0ad424e4a9c849e419cbda5b97dbbfa686ade7c13f804b170a480d06a78ec06ca56b94c54b4c51d92ac347fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d2c1880ca71fec73246dcdc932e2a632

SHA1
fd3a9f6f06294feb53811c6ff7004e8959f91bfd

SHA256
0058d5a7eb50b6d1073637aa27e160d281f6f284874879c059a667973f978d28

SHA512
b716a74c94e39ae8b4b68917c72fdab711363dd3af0cac3c4d2861fb7dc3e24a8cceb29ee8c5080c42ed17f8bff4cc3f3fdc67ccbfaac9a6a34ec9f70406d279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
1ab75bbc5240782873dec7be5e5fd771

SHA1
1d3c981ad5a5fb99934c3cf871858ea3100da902

SHA256
517330c72be7d95d66e913c6ab4fe9c088e2d59aadb5620d693bf16db95a58f7

SHA512
3fcc033dd32d7b11bc15228580759bb383280da32ab080ce01f21cbd5b19624fcfa1a926c04d40727e59d40b3472d77d9db36cc792e0bead811f2710710ccb9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf7c0c7f.TMP
Filesize
2KB

MD5
77ee1f9cdea715182b63c2242da4fd6d

SHA1
31ae9534c2b7bc1c117764aa253b267c41bc0090

SHA256
d5ad387812bce3c5a574fa89909f409afdfaa259e9c6424d5117868d2ae4ff13

SHA512
d4d8c27a82a1d870ce1946e510a4ce076cca31287b48d708184d90fd1e09a956d5834e4dbf944e1ea9755a5c5aef53b4f2a27a5c499ee7d1e4a6175a22b97fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
874d4a5c2321e70469c2a859a310b15a

SHA1
11789584392482144e28acac3f65bd9a064d43f0

SHA256
bc5f0a669e77d7e45938fb57fedf60a5a047e4107d702ca6f1c74a7e3e98ca3f

SHA512
8eb7a12db606a8614745a21669db287f1445a641c3be4765fe294b2dc0a5145bfe117768016b9f75ff7b8ca51604e9ee8e9a2c8c9d388e85fddbeee654745670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5a27d92c06ac1cf201a5f84550a25a70

SHA1
865e0f2a72a9ee74fbbaedcf7fb07cf1e9abd4c8

SHA256
85a17963c904a7278f20226fe14eb8ab2ea1f0db7b15219b84f5d62a76e81db9

SHA512
87e2284e92409101c68a4f43afb53ef1c7e6ba9b9be5ccfadffa50b73ce6715942444e573c67e2a206bb847bc077a932d9ed07965db22621e4c8e0108f11a813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
86411ac7ef6c195c8ca3d3851116e925

SHA1
08a51de0cd458dcd8ffdda80c92b58c59d0cfff9

SHA256
29f2cdf206f4c9c325f5177bfc8fc6daa18971d75fb9a85e2f17189902a15ab4

SHA512
21db1a49387f106700ee32b7489a44985a34473c0e2f9697f4fef06799850294cabbc713f29f801a62be05fb70c8281373ad8c4afe392608c2acf989c70edcbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7900c7b6814f7607974bfd644dd4c586

SHA1
8b220ef6778ce3a31f3163ad572d3a344b961c0f

SHA256
241cecc23724e0e2630930f714902a9cfc4b1a82f327da2add636abd7e291df9

SHA512
d1653a07e39998d61a3feaa4b469ba3726e44e2bd84741558ea6d7eda65e845caa180303ab6dfd73eae25cbb8d01cb31b18a3b95d546a4c46794edfae3ded5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
043a81261ffb93942a3f847fe965a6b9

SHA1
64fca9f1bbde43a273a77aa541690888efea2afb

SHA256
f28f3ce28c65c9ce14faba3919ced2a63e90417214cbcfb857f5e8073606d2bc

SHA512
86f4969ed33e8c9cf0e646a71f709c9fd22ffabe85fb586c463f193664e898cee30d88f61e560b30abcbe7e524ab3ba9eeb0027aa7fcf41f14439856e45152a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6089fdabbe22d6b3d4423592fcdb7283

SHA1
5551a148e4594c80635f0bfa9fe7f3065b8c7863

SHA256
b8f7239b592a3e9b78d8684ac15680249e9fd8954a6a5c1d2b5b56b942e94944

SHA512
c2ac09af1000b97f5159bcf125b76065c9c0ed81a76acd58480eb0c87be46aa3ab694a8ec6462a6bde2ed42ee6b20b1bc14cb64af6a152f9254fae4393f332f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b407931a-4293-4a13-b7e6-f1bbd36af475.tmp
Filesize
6KB

MD5
d24967f366a6b2d7eb8a8eef3532cf1e

SHA1
a354568769114d17c8fd81211e9a2c5977732836

SHA256
1a269a0c087e29e45db9f06c06cbd86a9736677bc2d120412c1790035a06fbfc

SHA512
e29795d4538709ca0d6f6801cbee31f21edce84f088fc1ca611b53e1cabd38d1e484546daa0c1ea89502352e7805a2ec11e33f65697ef0542adde1fa45632efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
312KB

MD5
61992d7fe696221a2e44c634367f87a2

SHA1
5e51ad375affc96fbf705aa6ba7fb9574caf1f74

SHA256
2346753a031c7cce9f7ae10b5642dde0a592f88350f1db73e5ea80fe1e727e9a

SHA512
c807fa059f4e08241b13ad49cd8eefc67ee826bffba22139a3d759864e8ac54e5292fee3b5e9a91805b73ed69fa77f41ef0d2d9d3408cd7c4fdfc0e08f37b9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
312KB

MD5
3e4968863c3569cfe52030de4a34303d

SHA1
eafe99e2ff93afcea32db8b285dc13bb1c5d1a07

SHA256
14e7829037fbaaa57ad8e85fab878d2f77e0b4b28ca0081c33a01c1d855e50b6

SHA512
67ece42abbdbfbc49b2acbe1b38f4c2b6254c29693af3ae8a0f09a8905230d14b000ed854e87675e1f457b8c0605f9c5bee623469414fe37c4e883a7a8c15a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
312KB

MD5
c1215a76117747a6b7b47a3ecf3ff196

SHA1
a7d5ed865a19226720f60d2cadf18bfd2fcc7f96

SHA256
e4076753c66231fc21faa978791d4b860fd9eeee393387d823251fa5a832523a

SHA512
4cdce966f1d3e7ba5d8254700bb9123a3ee4545a9599b4804afa4bbda06faab8fedca5e2d2c9049f868d28ef5bdd9f6b0d33589bda7bc89b0c37ae3c738f1ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
312KB

MD5
e1fc89b056422f1c73df17861c0f3db4

SHA1
6d0b210ae974466bf26493f8845f44831a9cf994

SHA256
924d90d0f901a37ab5b033a1cf94c01bbaf9f4f1d071ad0108452f399a867c44

SHA512
c84a34bd0a1d7ea5a93595b72b4e32328429b718ef115679201d74034e605d7f7d728fa950217047a265d9e66689d91720435baa569b600701441940b1bff9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
87KB

MD5
d3e6119dd4b3cb6f2115ec75c04224dc

SHA1
9ea7d2993f6d18b1878e2f4c8ba985475c5b82f6

SHA256
9d7680c9eccad0dfccc74a37c5f1369646a76bc10d4335c140246601d6d42b75

SHA512
cf6e09fa6960e3bb670d75eeb1d0cefd7b4fc6ea882d400b870eafdec376cc25f16d9e5e893df554dd498e06aa6053c9be032d22310a7130d5d0f05486186784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
c199220f355ca56989b5589d0b0856f0

SHA1
ff3b3bea96d68f923664d8aa5394596e3e43e524

SHA256
e980f29ddffcf8d75454dddce052daa940637a87c81af650256ef77cf671a9c0

SHA512
40127989815118ee9ea6d7b5dff3cf7522fd5f41107d98e00b1f1dd638837491876fdf2de9e1cad53ff3b1e7b6a0208441c3355244fcc9c0c60265f4103de02d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFF86.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFB8.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\WaveInstaller.exe
Filesize
2.3MB

MD5
215d509bc217f7878270c161763b471e

SHA1
bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9

SHA256
984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886

SHA512
68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b

Download Submit
\??\pipe\crashpad_2784_XWAWSXTFCQPWZCPQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/876-148-0x00000000746FE000-0x00000000746FF000-memory.dmp

Filesize
4KB

Download
memory/876-151-0x00000000002E0000-0x00000000002EA000-memory.dmp

Filesize
40KB

Download
memory/876-152-0x00000000002E0000-0x00000000002EA000-memory.dmp

Filesize
40KB

Download
memory/876-149-0x0000000001140000-0x000000000138A000-memory.dmp

Filesize
2.3MB

Download
memory/876-150-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download
memory/876-169-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-9-0x0000000000850000-0x000000000085A000-memory.dmp

Filesize
40KB

Download
memory/2288-6-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-7-0x0000000074DEE000-0x0000000074DEF000-memory.dmp

Filesize
4KB

Download
memory/2288-8-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-5-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-4-0x0000000000850000-0x000000000085A000-memory.dmp

Filesize
40KB

Download
memory/2288-0-0x0000000074DEE000-0x0000000074DEF000-memory.dmp

Filesize
4KB

Download
memory/2288-3-0x0000000000850000-0x000000000085A000-memory.dmp

Filesize
40KB

Download
memory/2288-10-0x0000000000850000-0x000000000085A000-memory.dmp

Filesize
40KB

Download
memory/2288-11-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-2-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-12-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-13-0x0000000074DE0000-0x00000000754CE000-memory.dmp

Filesize
6.9MB

Download
memory/2288-1-0x00000000010F0000-0x0000000001282000-memory.dmp

Filesize
1.6MB

Download