hxxps://getwave[.]gg/

Analysis

max time kernel
248s
max time network
246s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/08/2024, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getwave.gg/

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
5848	WaveInstaller.exe
2756	WaveBootstrapper.exe
1096	WaveWindows.exe
4872	node.exe
5500	Bloxstrap.exe

Loads dropped DLL 2 IoCs

pid	Process
2756	WaveBootstrapper.exe
1096	WaveWindows.exe

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\Session	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\KasperskyLab\LastUsername = "xddsad"	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
60	raw.githubusercontent.com
62	raw.githubusercontent.com
14	raw.githubusercontent.com
47	raw.githubusercontent.com
59	raw.githubusercontent.com
61	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687376863691644"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1096	WaveWindows.exe
1096	WaveWindows.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe
Token: SeShutdownPrivilege	5352	chrome.exe
Token: SeCreatePagefilePrivilege	5352	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe
5352	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1400	MiniSearchHost.exe
4872	node.exe
5500	Bloxstrap.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5352 wrote to memory of 4776	5352	chrome.exe	80
PID 5352 wrote to memory of 4776	5352	chrome.exe	80
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 6032	5352	chrome.exe	82
PID 5352 wrote to memory of 4888	5352	chrome.exe	83
PID 5352 wrote to memory of 4888	5352	chrome.exe	83
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84
PID 5352 wrote to memory of 4980	5352	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getwave.gg/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf54cc40,0x7fffdf54cc4c,0x7fffdf54cc58
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2548,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5176,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5160,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5460,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:5896
- C:\Users\Admin\Downloads\WaveInstaller.exe
  "C:\Users\Admin\Downloads\WaveInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5848
- - C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2756
  - - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
      "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1096
    - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=1096
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
        
        "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4648,i,55321178328706915,8736375174992499371,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1892

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5096

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e053ba3f4d9f51bbc9b924c22b48a61e

SHA1
863a16e19380700feefdffa28ce8cfbb45833671

SHA256
61904cf6a1bd36dee980ef4656b1e18ed8f63e9d4f6ff48f4ea143022b25be50

SHA512
86a076faa14a19e42d3bd2cf9cf89c2a0e234ff159ed9888e68be2b83f0bc5ceea4eabb1d31106e85d3f5cb5e3cd147b77d8039adccb77b5c1bcdf7d2066c168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
dd52ad3dfe71835a978d0e0062e559b6

SHA1
2384ebaca85026e3a21ac0b123570f44bc2d6de5

SHA256
ad937e2d57ce3f7336aa40904857c8efd91eb48eb870b949836746d3d958b5e1

SHA512
9c2a3192890815b3b8e6e36a4c23391b391b5d3d3b8d9e20f57e3961e5f3a9eeda4964331564c206efdda80593df913fe8d9975a973b59e981e22e2bda634ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d16f566784bcfb2d4c7b2815b7d2d7a1

SHA1
dd6f440a0b268d29771a18adf31d6f4ee91bb83a

SHA256
4fc4c3bf9a17492b14e3bdef0a58872b84817273cb19dae66c1949f689055771

SHA512
f27cb05d651f891d59ac19e86bb56509c1d0be19c0ad56ba094d2d362212a1eb22de10dd1f2165ff149cf6827fabe26be354402256dd0f8c068221214e0612d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2bf683996e86fd7c520f4d1a8f586993

SHA1
969b903b30c226ee5ad95162dd8b36c419585796

SHA256
756b1327b991b34993995f2467ec460a477f95882dee5ae43b541fa3c2804568

SHA512
eaa64bcdda0b296c4cc33d13be347048648cf1f166b214c04068a4c2e742d533b803273cfd4cbc87a382e53e2420b3e7c4f920d9b519144ed5850c45ce5ed607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e280d68b1eb6a3e7d6ff7fb3b71b31e4

SHA1
42e4824716513dc73ded0041246aceca02b772a2

SHA256
bf2635f66c81c0d5b9ca32cd9041c55f40d9284f7a7f727a8fc2007c4f4262e1

SHA512
90b4643df196aeedd46ed6064d20b2eab0e7c013ff06281e3cd9cf06cfab4f2cdaebf0349e871b525757ac86d007c47325b8a79edf225a5d2e1e30c9f28999a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b376dcf8554806f39f2a452b8b21d3b

SHA1
16e52735e8e1748ebb18cd5d0ccb13c5e51adfa7

SHA256
efcdc6584d7788e0e9e8039d8c93b19e83f36770ab7a2d3746c10bd11cf3e73e

SHA512
f634caf980e2e9282b1c0d41979fba6ff9e082b8fa5c9a1d78bf2ba417778f73eb50673e8bbc90a06c4944f5271678a3a2a1a8090a1043178336828b348ac463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
067bda3b4ba4f9c08f68940519652dcd

SHA1
aad1111813e74cf5f2ebcc0ed6554463fb52fc34

SHA256
cfc588d8192b32465cd0c9a6214cce717a72e420cd8aa1787c983d3c496b0991

SHA512
0ac6929ab45d2b50732425f850daab912d9926215245bad612d6623f9460f964a739a9b7e7b36e438f7075b2764cd9a2ba9662e6d70bf1a054db9e888e73c970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c561e401382ea22a16943c32920657cf

SHA1
de7a931b03388fb24cb3e30b71d221f6694fab8c

SHA256
ef53782ef4fe70451698e340ca046ab2528bfc5e49ae3b9839775976cd20f11a

SHA512
bd623612bb5c560496515274c35dbd4441a77de98df8f0ed88444f19bf676e9a4aeb4f1fea6571e8e778bb12d9b30d7cb7a72bd018474aea74c0859f38ae48c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fef4775d37ff510a650742ec98e1a02

SHA1
269aaeb104881541101cf3b91445fe16e7c51488

SHA256
a864b86ac83e2b590230a6c1ed5c0391df946017a2959069e78cf0f24874e238

SHA512
60e1b46f843c07c37074a491607c05a2f82a280a0f0f643d2f2dce19f0658a7fad95f51d071d544cb955b0005fc1def3a3cfb5a2f532bdba648e4261d1a27f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3446d9179d52e6c38eeb686696d7448f

SHA1
7738024e25d38017800e6281aa56d7c6675431cd

SHA256
467a10ebced40b6f372716b69f7ccf5e1ec4982973fe47099faf862144d18008

SHA512
1ee04ef34d6d0b64fd9595d53d167b7e1af134de430a7852a944f3fabcfab22d82bccffb603d559eb1c0c07c8717e904fcc6589943d4bde382c38bd0aa42d916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38aa07720454770bdb7f6f71111faace

SHA1
d52e99170a69f8fad2900dd8721d728e9594071b

SHA256
f3c686f2dee2719bb40c61e2f812cdbce8f70666145466c221c6c712c788154e

SHA512
c7242372a2ed88a9cc6626065f776d04f4ac98aba43450676666c7ac0843784ffba9d58cf3674a80b64bb63b69b2f586bb12019ef2301c0f52883950279da594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6681513cc8cdd1648146a2e84ab43ef5

SHA1
971fda2db1b38b222248f69a1b7bc795dcd881db

SHA256
eda1cb87be64feefb62449632463d7349b4bdca4cfa6bf9e3f83849630a51a7e

SHA512
66d0e0aaf5b62844bb86adc6ab229fef9414d1aedf9e250a0abd3d0e1f424bb2a2fb70336eb527818c2b10c669c9ebcefd5cde35a071afab8aa696e443826380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22fa2b58f47c2d15e984c952945a0043

SHA1
08eab92003bf1bd2c5b543675235a6994a919fc9

SHA256
454f62ad0dfb9e29f7cbfc5b2e7e2e13a7681b7ca755206e9c2e5db2121197fc

SHA512
a465674a079e71bdafd2bba1cd9880dd7ebc37864d4444d14a1af834e1450e614b684df135c1931bafde634aa6da805ebd1f47ef763ebcb5a60da1f79605a5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc3829e940500217368611461bfe8090

SHA1
f6dda961287a9bbe2f8ce79cdf29bb4bf5aab861

SHA256
2c861cbfafd9525d909baf19e65f69cc27bd65867dc7d16f6cf013b6d8f92522

SHA512
5f4067899c6ec26314a8726007dea8ffcb649e31e89e70ee5119e75c9c700c13f5c0b0ca056fb5edb7a7585693b01b2c195c4ea5d6a034caf9b3a089d13ec452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca0f9a2f0d17d830d916e433b78a0bfc

SHA1
92da106d240357a5da2d308b99a5d0d8bd109306

SHA256
e9d12924108e046084192c1198d4a369fd7f75ea94aebe3ab2d3d8432cc55dc0

SHA512
65488cb8fbb972988fc11b6e637defab4981705488da8434027530f656790a0b3eba7fa5502fd7d4495717f1ae5b1c5d8788eb523ca591615dc8054d9b3fcc65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eaf80f587e129c70238263175b0e7233

SHA1
f25f044113ba8518ed6b12a01ae35c3dd86c7755

SHA256
2b7cc962489d2400ed275bf1fd9ea0ed101434062b7989f828ec870440c2498b

SHA512
bb3ac45ce122dea33732d84c4520a8fc0c960de2bd12430f3f13ba9158be3d7a0a79843506c492d02e0cd8a108a03bec13907729a83cfd8e18bdee1b270ebbea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5736a4ab298ea3a41720be76a675089

SHA1
51e4ebe2c6f833b37a9ade9a20b2abbc64b8ea6e

SHA256
1af788dfc81f48278d01c531ae99a9290ab55f9e7b1f4dd03040419619c4ebf9

SHA512
1fc553f3be94a1b5f41e5f0d29fb05051dba7b7f2aa6fa426b35e77b676707486e8fe972fb22e2868c5ae533c886ff71da1777c3b3588caef12baf140834fbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
080e5b29345eb346302472546056265e

SHA1
6ee56339967300781741be954239f851a4f90b65

SHA256
5131f9cd0c944f113e2380f0d7e48873b9e07890711df886f5a0dffc459b1bb4

SHA512
e1971f083ad0fb13a305939eb5c55169e9b7a60bde3def10ef63c739efd78071a6ea28f4a70dd4b05ff5ea5e7164c577114e43c3d057761c987a6f30a4559abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afb2b56295e63dccddc6694cb1385d95

SHA1
345eeaed655287c986280af21d1ca655b26e060d

SHA256
08e226465c3724d5a73e6568501db98be8f8e60dc8f160ff72ea2e3dc9c1d6fa

SHA512
2d6dea80b727817ec326631a7eb4277ec781fccdce548ea042a725b4699cf837262039bd63111cfa68c10d177083d24c5039a401ae41a3a29980f0a05c740254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
1eabbc944006fbf9ddce8bbab25e1c25

SHA1
da8dea47dcddb284e479e490eef2476031bf36db

SHA256
18fb27b440346e37b6a70c2b10d61b6d3a0823137e5e70c830869f9fed447d54

SHA512
e237d794928115eeae3d4b4a543fb89b4a118d29cb3471b2955354b38cd0e36ac10f568fabee3845d75952652441d3acae71b147cad1fe7a39c2efbdc85bc96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
ba170cdacc7aed61da8dcc2c6f72f981

SHA1
9e2ef7415a9af98b4d923753477fd6747ced31b4

SHA256
445083209a37cec2523ed58105ad4f1d642f918d7211921e411d1a160167daf9

SHA512
c3ed426a2c02496aedf30fe284bf629fefea6d8f9c8cd17fa193ad0258f6c801dd6973c2c3534655ad1914324fdf752797d5cd1a1ede72fe15139cd79372f083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4e7c2a7ec20aefa7d497dcb926c66206

SHA1
065234265d693679bd29c8fd7c345c4bc38958c6

SHA256
f95dc5ced7af00cb3c98e33b2617f375cdbc491cf8b543e52b8574791c3ccef7

SHA512
2cadfdd1cccbb69e147e0c34e88b6640c57df965518a09c0ae938cb7e9f046484777c60b72f0ebcab1f8f191be078c0943d8258795a0754fb38e2299568c5af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
bf1e0c5ae57abf930b0702313844becb

SHA1
f5842bbc2db03660e729136ecdc8c5ce2a26eaba

SHA256
8cbe85e8e7e0888b48406e08164471e416190788160a954f7c7bfcea5e9d2bdb

SHA512
6a84b29f41366da2d8b8dbd39d8d52a58762f0560e372959b04cd3d984dc0ccc928d77aa3ed7a64047968e5f8f3114dcaef856a2d2c1a96cf97415ce44bf355f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d3072af68c4d538b9db35ea64426d176

SHA1
b8e84b0fc129421e7a5a3db78cd20977945a7725

SHA256
927258d9433fd5534e429eb597e739c68d84d3bbb19147368f03da0b97ea172b

SHA512
3460eb7132fabe687c9ca773b1406312b62a485179e552691d1833a063bd1e19a10a7ba1daee71a87a6750f95ed61345c2025ec4a33ebd229543214b5ab27e38

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
f8f606a032719f0447a78d9b50fb672f

SHA1
45d741cb2185064eb8c06a91d79c928fcb657abe

SHA256
d5e5bb3e87ef84f4e352d277fbe38a57f65ed50c0f8309dbff43d57af778b3ca

SHA512
96169b9bcfce9f671452010340d707e2dd3a60a1ba2847cccbf1fff2dd11d0f74dfdc74cb9c20015bdbe95479f52501f9ee30ac634f547006104fba349472b65

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
27152171537c47796aa7194ac41383bc

SHA1
430c380ea885fce765a771cc40cbfe6358b4d04c

SHA256
28276ad4adb3f540918a28a722f10a63406037b96a14e05565e31ec90c605c22

SHA512
044ded8d45d2249f69ae617768398a33cf060618f1cb583aa9d9a34171de10bf3e23f6e49b3c0b8ca872f5ecbe98e841168fb3e94fdef2efbb299a3cbc01f616

Download Submit
C:\Users\Admin\AppData\Local\Wave\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
495df8a4dee554179394b33daece4d1e

SHA1
0a67a0e43b4b4e3e25a736d08de4cec22033b696

SHA256
201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42

SHA512
ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 585163.crdownload

Filesize
2.3MB

MD5
215d509bc217f7878270c161763b471e

SHA1
bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9

SHA256
984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886

SHA512
68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b

Download Submit
C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1096-549-0x000000000B800000-0x000000000BB57000-memory.dmp

Filesize
3.3MB

Download
memory/1096-542-0x0000000009C30000-0x0000000009CE2000-memory.dmp

Filesize
712KB

Download
memory/1096-535-0x0000000005EC0000-0x0000000005F72000-memory.dmp

Filesize
712KB

Download
memory/1096-537-0x0000000005DA0000-0x0000000005DA8000-memory.dmp

Filesize
32KB

Download
memory/1096-548-0x000000000AFC0000-0x000000000AFE2000-memory.dmp

Filesize
136KB

Download
memory/1096-536-0x0000000005F70000-0x0000000006010000-memory.dmp

Filesize
640KB

Download
memory/1096-534-0x0000000000C30000-0x0000000001432000-memory.dmp

Filesize
8.0MB

Download
memory/1096-572-0x000000000AD80000-0x000000000ADB8000-memory.dmp

Filesize
224KB

Download
memory/1096-573-0x000000000D9C0000-0x000000000DEEC000-memory.dmp

Filesize
5.2MB

Download
memory/2756-515-0x0000000009680000-0x000000000968A000-memory.dmp

Filesize
40KB

Download
memory/2756-513-0x0000000008920000-0x0000000008A24000-memory.dmp

Filesize
1.0MB

Download
memory/2756-516-0x00000000096C0000-0x00000000096C8000-memory.dmp

Filesize
32KB

Download
memory/2756-517-0x0000000009720000-0x000000000973E000-memory.dmp

Filesize
120KB

Download
memory/2756-514-0x0000000009640000-0x0000000009656000-memory.dmp

Filesize
88KB

Download
memory/2756-512-0x0000000000870000-0x0000000000962000-memory.dmp

Filesize
968KB

Download
memory/5848-294-0x0000000001150000-0x0000000001158000-memory.dmp

Filesize
32KB

Download
memory/5848-292-0x0000000000FD0000-0x0000000001066000-memory.dmp

Filesize
600KB

Download
memory/5848-298-0x0000000000F10000-0x0000000000F1A000-memory.dmp

Filesize
40KB

Download
memory/5848-297-0x0000000000F00000-0x0000000000F0A000-memory.dmp

Filesize
40KB

Download
memory/5848-296-0x0000000000E80000-0x0000000000EF2000-memory.dmp

Filesize
456KB

Download
memory/5848-521-0x0000000074830000-0x0000000074FE1000-memory.dmp

Filesize
7.7MB

Download
memory/5848-293-0x0000000001100000-0x0000000001126000-memory.dmp

Filesize
152KB

Download
memory/5848-111-0x0000000074830000-0x0000000074FE1000-memory.dmp

Filesize
7.7MB

Download
memory/5848-110-0x0000000000440000-0x000000000068A000-memory.dmp

Filesize
2.3MB

Download
memory/5848-109-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download
memory/5848-112-0x0000000074830000-0x0000000074FE1000-memory.dmp

Filesize
7.7MB

Download
memory/5848-113-0x00000000059E0000-0x0000000005A18000-memory.dmp

Filesize
224KB

Download
memory/5848-114-0x00000000059B0000-0x00000000059BE000-memory.dmp

Filesize
56KB

Download
memory/5848-133-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download
memory/5848-134-0x0000000074830000-0x0000000074FE1000-memory.dmp

Filesize
7.7MB

Download
memory/5848-135-0x0000000074830000-0x0000000074FE1000-memory.dmp

Filesize
7.7MB

Download