hxxps://robloxplayer[.]en[.]softonic[.]com/roblox/game

Analysis

max time kernel
326s
max time network
327s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://robloxplayer.en.softonic.com/roblox/game

Score

9^/10

discovery evasion motw persistence phishing privilege_escalation ransomware spyware stealer trojan

Malware Config

Signatures

Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	SWUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	nw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	SWUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	PcAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	Fast!.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	RobloxPlayer_v1.6.0.5520592.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	RobloxPlayer_v1.6.0.5520592.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	wavebrowser.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
4240	Wave Browser.exe
1992	SWUpdaterSetup.exe
3812	SWUpdater.exe
6160	SWUpdater.exe
5308	SWUpdaterComRegisterShell64.exe
5976	SWUpdaterComRegisterShell64.exe
6008	SWUpdaterComRegisterShell64.exe
3260	SWUpdater.exe
6460	SWUpdater.exe
5536	SWUpdater.exe
6780	WaveInstaller-v1.5.18.2.exe
5680	setup.exe
5324	setup.exe
7020	setup.exe
6816	setup.exe
7004	wavebrowser.exe
6320	wavebrowser.exe
5168	wavebrowser.exe
7000	wavebrowser.exe
4512	wavebrowser.exe
6960	wavebrowser.exe
5972	wavebrowser.exe
6376	wavebrowser.exe
7848	SWUpdater.exe
8048	wavebrowser.exe
7184	wavebrowser.exe
7340	wavebrowser.exe
7396	wavebrowser.exe
7384	wavebrowser.exe
6052	wavebrowser.exe
7532	wavebrowser.exe
7580	wavebrowser.exe
7604	wavebrowser.exe
7708	wavebrowser.exe
7812	wavebrowser.exe
5380	wavebrowser.exe
8044	wavebrowser.exe
7984	wavebrowser.exe
7276	wavebrowser.exe
7496	wavebrowser.exe
7176	wavebrowser.exe
7344	wavebrowser.exe
8256	wavebrowser.exe
8400	wavebrowser.exe
8484	wavebrowser.exe
8572	wavebrowser.exe
8600	wavebrowser.exe
8720	wavebrowser.exe
8752	wavebrowser.exe
8872	wavebrowser.exe
8912	wavebrowser.exe
8216	wavebrowser.exe
7200	wavebrowser.exe
7404	wavebrowser.exe
8896	wavebrowser.exe
8952	wavebrowser.exe
8968	wavebrowser.exe
9088	wavebrowser.exe
8932	wavebrowser.exe
9112	wavebrowser.exe
9104	wavebrowser.exe
9144	wavebrowser.exe
9188	wavebrowser.exe
5864	wavebrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
3812	SWUpdater.exe
6160	SWUpdater.exe
5308	SWUpdaterComRegisterShell64.exe
6160	SWUpdater.exe
5976	SWUpdaterComRegisterShell64.exe
6160	SWUpdater.exe
6008	SWUpdaterComRegisterShell64.exe
6160	SWUpdater.exe
3260	SWUpdater.exe
6460	SWUpdater.exe
5536	SWUpdater.exe
5536	SWUpdater.exe
6460	SWUpdater.exe
7004	wavebrowser.exe
6320	wavebrowser.exe
7004	wavebrowser.exe
5168	wavebrowser.exe
5168	wavebrowser.exe
7000	wavebrowser.exe
5168	wavebrowser.exe
5168	wavebrowser.exe
5168	wavebrowser.exe
7000	wavebrowser.exe
4512	wavebrowser.exe
6960	wavebrowser.exe
4512	wavebrowser.exe
6960	wavebrowser.exe
5168	wavebrowser.exe
5168	wavebrowser.exe
5168	wavebrowser.exe
5972	wavebrowser.exe
5972	wavebrowser.exe
6376	wavebrowser.exe
7848	SWUpdater.exe
6376	wavebrowser.exe
8048	wavebrowser.exe
8048	wavebrowser.exe
7184	wavebrowser.exe
7340	wavebrowser.exe
7340	wavebrowser.exe
7184	wavebrowser.exe
7384	wavebrowser.exe
6052	wavebrowser.exe
6052	wavebrowser.exe
7396	wavebrowser.exe
7396	wavebrowser.exe
7532	wavebrowser.exe
7384	wavebrowser.exe
7532	wavebrowser.exe
7580	wavebrowser.exe
7580	wavebrowser.exe
7708	wavebrowser.exe
7708	wavebrowser.exe
7604	wavebrowser.exe
7812	wavebrowser.exe
7604	wavebrowser.exe
7812	wavebrowser.exe
5380	wavebrowser.exe
5380	wavebrowser.exe
8044	wavebrowser.exe
8044	wavebrowser.exe
7984	wavebrowser.exe
7984	wavebrowser.exe
7276	wavebrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.135.0\\SWUpdaterCore.exe\""	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nsx474D.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nsx474D.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=DD06E985-AC7F-4567-B0C7-3752F03C29FCX /rid=20240824135905.460240819484 /ver=fa.1091v"	nsx474D.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 12 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	Fast!.exe
File opened (read-only)	\??\M:	Fast!.exe
File opened (read-only)	\??\O:	Fast!.exe
File opened (read-only)	\??\P:	Fast!.exe
File opened (read-only)	\??\Q:	Fast!.exe
File opened (read-only)	\??\E:	Fast!.exe
File opened (read-only)	\??\U:	Fast!.exe
File opened (read-only)	\??\X:	Fast!.exe
File opened (read-only)	\??\L:	Fast!.exe
File opened (read-only)	\??\A:	Fast!.exe
File opened (read-only)	\??\I:	Fast!.exe
File opened (read-only)	\??\J:	Fast!.exe
File opened (read-only)	\??\N:	Fast!.exe
File opened (read-only)	\??\V:	Fast!.exe
File opened (read-only)	\??\W:	Fast!.exe
File opened (read-only)	\??\Y:	Fast!.exe
File opened (read-only)	\??\F:	PcAppStore.exe
File opened (read-only)	\??\H:	Fast!.exe
File opened (read-only)	\??\K:	Fast!.exe
File opened (read-only)	\??\R:	Fast!.exe
File opened (read-only)	\??\S:	Fast!.exe
File opened (read-only)	\??\T:	Fast!.exe
File opened (read-only)	\??\Z:	Fast!.exe
File opened (read-only)	\??\B:	Fast!.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
314	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks system information in the registry 2 TTPs 18 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	nw.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	nw.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	NW_store.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\CollisionGroupsEditor\assign.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar-frame-36x36.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\hr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\ca-Es-VALENCIA.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\ImageSet\AE\img_set_1x_1.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\places\Mobile.rbxl	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoduxDevtools\Undo.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\gr-game-border-60x60.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AvatarImporter\fbximportlogo.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AvatarImporter\img_light_RthroNarrow.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\LeaveGame\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Controls\DesignSystem\ButtonX.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\ic-unpin-20x20.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PlayerList\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\zh-TW.pak	SetupEngine.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC3F2.tmp\msedgeupdateres_lb.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_7.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\9-slice\gr-mask-game-icon.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\FaceControlsEditor\face_frontView.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\gr-send.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoactStudioWidgets\toggle_off_light.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChatV2\actions_notificationOn.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\Help\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\sr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Backpack\ScrollUpArrow.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Editor\Large\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\gr-add.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\sky\cloudDetail.dds	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VR\buttonSelected.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\button_control_reverseplay.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\WideView_purpleLayer.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\VisualElements\SmallLogoCanary.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\internal.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak	SetupEngine.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\LayeredClothingEditor\Icon_Play_Light.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_3.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\MenuBar\icon_standing.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoactStudioWidgets\toggle_off_dark.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\icon_regions_select.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\families\PermanentMarker.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\CompositorDebugger\clear.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\New\Unmuted0.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Trust Protection Lists\Sigma\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_20.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Large\SelectedGradient.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\Unmuted0.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\MicDark\Unmuted0.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_1x_4.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerLauncher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 39 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fast!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FastSRV.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fast!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupEngine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdaterSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	diskspd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayer_v1.6.0.5520592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller-v1.5.18.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupEngine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nsx474D.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3260	SWUpdater.exe
7848	SWUpdater.exe
8516	MicrosoftEdgeUpdate.exe
3152	MicrosoftEdgeUpdate.exe
11196	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	wavebrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	wavebrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	nw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	nw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	nw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerLauncher.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wavebrowser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wavebrowser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	nw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689814467814136"	wavebrowser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WavesorSWUpdater.CredentialDialogUser.1.0\CLSID\ = "{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E}\NumMethods\ = "5"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\ProgID	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\ = "IAppBundle"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\ = "IAppBundleWeb"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\NumMethods\ = "4"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\NumMethods	SWUpdater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.135.0\\psuser_64.dll"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{730EBDF4-7AD2-4516-BF1A-6C6F28C60CF9}\ = "IProcessLauncher"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E}\ = "IGoogleUpdate"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WavesorSWUpdater.Update3WebUser\CurVer	SWUpdater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}\ = "IProgressWndEvents"	SWUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.pdf\OpenWithProgids\WaveBrwsHTM.6PZ7PXH7KSIM6PUNJ4SZAADIUY	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WaveBrwsHTM.6PZ7PXH7KSIM6PUNJ4SZAADIUY\Application\ApplicationIcon = "C:\\Users\\Admin\\Wavesor Software\\WaveBrowser\\wavebrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{8129608C-48BD-42A6-9EBC-7B0933A5CFA3}\NumMethods\ = "12"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WaveBrwsHTM.6PZ7PXH7KSIM6PUNJ4SZAADIUY\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\CLSID\{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}\ = "SWUpdater Policy Status Class"	SWUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 92757.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 496358.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 397757.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 958907.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
4900	msedge.exe
4900	msedge.exe
7036	identity_helper.exe
7036	identity_helper.exe
5600	msedge.exe
5600	msedge.exe
5124	msedge.exe
5124	msedge.exe
3812	SWUpdater.exe
3812	SWUpdater.exe
5680	setup.exe
5680	setup.exe
5680	setup.exe
5680	setup.exe
5680	setup.exe
5680	setup.exe
3812	SWUpdater.exe
3812	SWUpdater.exe
3812	SWUpdater.exe
3812	SWUpdater.exe
10212	msedge.exe
10212	msedge.exe
7320	RobloxPlayerLauncher.exe
7320	RobloxPlayerLauncher.exe
10108	msedge.exe
10108	msedge.exe
10108	msedge.exe
10108	msedge.exe
5080	MicrosoftEdgeUpdate.exe
5080	MicrosoftEdgeUpdate.exe
8760	msedge.exe
8760	msedge.exe
9724	Setup.exe
9724	Setup.exe
9724	Setup.exe
9724	Setup.exe
9724	Setup.exe
9724	Setup.exe
9724	Setup.exe
9724	Setup.exe
9156	msedge.exe
9156	msedge.exe
7908	nsx474D.tmp
7908	nsx474D.tmp
7908	nsx474D.tmp
7908	nsx474D.tmp
7908	nsx474D.tmp
7908	nsx474D.tmp
4364	Watchdog.exe
4364	Watchdog.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
4364	Watchdog.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
4364	Watchdog.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
4780	NW_store.exe
4780	NW_store.exe
4780	NW_store.exe
4780	NW_store.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
7620	PcAppStore.exe
11072	SetupEngine.exe
9064	Fast!.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	3556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3556	AUDIODG.EXE
Token: SeDebugPrivilege	4240	Wave Browser.exe
Token: SeDebugPrivilege	3812	SWUpdater.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeDebugPrivilege	3812	SWUpdater.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe
Token: SeCreatePagefilePrivilege	7004	wavebrowser.exe
Token: SeShutdownPrivilege	7004	wavebrowser.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
7020	setup.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7004	wavebrowser.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7872	DllHost.exe
7872	DllHost.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7872	DllHost.exe
7872	DllHost.exe
7620	PcAppStore.exe
7620	PcAppStore.exe
7872	DllHost.exe
7872	DllHost.exe
7620	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 208	4900	msedge.exe	87
PID 4900 wrote to memory of 208	4900	msedge.exe	87
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 372	4900	msedge.exe	88
PID 4900 wrote to memory of 2408	4900	msedge.exe	89
PID 4900 wrote to memory of 2408	4900	msedge.exe	89
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90
PID 4900 wrote to memory of 4704	4900	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://robloxplayer.en.softonic.com/roblox/game
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8931346f8,0x7ff893134708,0x7ff893134718
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:6204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8304 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7472 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:6876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9060 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5124
- C:\Users\Admin\Downloads\Wave Browser.exe
  "C:\Users\Admin\Downloads\Wave Browser.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4240
- - C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1992
  - - C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\SWUpdater.exe
      "C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Checks whether UAC is enabled
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3812
    - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6160
      - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe" /user
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5308
      - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe" /user
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5976
      - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe" /user
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6008
    - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTM1LjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzUuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswMkIxMkY0NC1EMUU3LTRFQTYtQTE4Ny05NTc0MDhFQzQ2OUV9IiB1c2VyaWQ9IntlMDJiMDE0ZS01MTdkLTQ2OTktODg5MS05Yzg3YTljZDNkZTB9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezJEN0UwQzcwLTkyMDYtNEFBNy04QjRELUY3Qzc1QUI0QzkzMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMzEyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3260
    - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{02B12F44-D1E7-4EA6-A187-957408EC469E}"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        
        PID:6460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9392 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:9220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:10212
- C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe
  "C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe"
  2⤵
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  PID:8868
- - C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe
    C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=4b4135d8a5af5c6ff5bb89faa646bc380209874d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x750,0x754,0x758,0x74c,0x640,0xf95f68,0xf95f78,0xf95f88
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6084
- - C:\Users\Admin\AppData\Local\Temp\RBX-D2559FC5\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RBX-D2559FC5\RobloxPlayerLauncher.exe"
    3⤵
    - Checks computer location settings
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\RBX-D2559FC5\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RBX-D2559FC5\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=9b73db116287a6bdc64a72354fb870d4b4b1e288 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x564,0x568,0x56c,0x540,0x57c,0x103bc2c,0x103bc3c,0x103bc4c
      4⤵
      System Location Discovery: System Language Discovery
      PID:10184
  - - C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      MicrosoftEdgeWebview2Setup.exe /silent /install
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:5748
    - - C:\Program Files (x86)\Microsoft\Temp\EUC3F2.tmp\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\Temp\EUC3F2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5080
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7508
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7540
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Modifies registry class
        
        PID:8552
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Modifies registry class
        
        PID:10012
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Modifies registry class
        
        PID:3380
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTUyMDMxQ0YtOUIzRC00NkUxLTk0RjYtNzFDOTEzM0E0N0FFfSIgdXNlcmlkPSJ7MjM0MzdBMTItNkY2NS00QzkxLUI0OUItRTA4MzFEQUMxQzY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNjIwQzZDRS0wNTk1LTRBNkQtQTY0NS01NzMzOTIwRDkzNDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyMzg5NTUwNTQiIGluc3RhbGxfdGltZV9tcz0iMTg0MSIvPjwvYXBwPjwvcmVxdWVzdD4
        6⤵
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:8516
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E52031CF-9B3D-46E1-94F6-71C9133A47AE}" /silent
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
- C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe
  "C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe"
  2⤵
  - Checks computer location settings
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  PID:8740
- - C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe
    C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=4b4135d8a5af5c6ff5bb89faa646bc380209874d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x55c,0x560,0x564,0x538,0x56c,0xf95f68,0xf95f78,0xf95f88
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10088
- - C:\Users\Admin\AppData\Local\Temp\RBX-10985C00\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RBX-10985C00\RobloxPlayerLauncher.exe"
    3⤵
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\RBX-10985C00\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RBX-10985C00\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=9b73db116287a6bdc64a72354fb870d4b4b1e288 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x564,0x568,0x56c,0x544,0x57c,0x130bc2c,0x130bc3c,0x130bc4c
      4⤵
      System Location Discovery: System Language Discovery
      PID:6592
- C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe
  "C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe"
  2⤵
  - Checks computer location settings
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  PID:10048
- - C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe
    C:\Users\Admin\Downloads\RobloxPlayer_v1.6.0.5520592.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=4b4135d8a5af5c6ff5bb89faa646bc380209874d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x560,0x564,0x568,0x53c,0x574,0xf95f68,0xf95f78,0xf95f88
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9420
- - C:\Users\Admin\AppData\Local\Temp\RBX-41D3EC05\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RBX-41D3EC05\RobloxPlayerLauncher.exe"
    3⤵
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\RBX-41D3EC05\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RBX-41D3EC05\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=9b73db116287a6bdc64a72354fb870d4b4b1e288 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x564,0x568,0x56c,0x53c,0x57c,0xd6bc2c,0xd6bc3c,0xd6bc4c
      4⤵
      System Location Discovery: System Language Discovery
      PID:9244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:8360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:9680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:8852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:8576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:10108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:9688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:9760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
  2⤵
  PID:7236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:7324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8752 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8760
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:9724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=DD06E985-AC7F-4567-B0C7-3752F03C29FCX&winver=19041&version=fa.1091v&nocache=20240824135843.214&_fcid=1724507894609586
    3⤵
    PID:8180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8931346f8,0x7ff893134708,0x7ff893134718
      4⤵
      PID:7540
- - C:\Users\Admin\AppData\Local\Temp\nsx474D.tmp
    "C:\Users\Admin\AppData\Local\Temp\nsx474D.tmp" /internal 1724507894609586 /force
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:7908
  - - C:\Users\Admin\PCAppStore\PcAppStore.exe
      "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
      4⤵
      Checks computer location settings
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:7620
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Checks system information in the registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        
        PID:8508
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ff8828ca960,0x7ff8828ca970,0x7ff8828ca980
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4780
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1916 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:2
        6⤵
        
        PID:8208
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2052 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:3
        6⤵
        
        PID:9760
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2308 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:8
        6⤵
        Checks computer location settings
        
        PID:4496
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:2
        6⤵
        Checks computer location settings
        
        PID:9156
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4304 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:8
        6⤵
        
        PID:5576
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=5020 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:8
        6⤵
        
        PID:10692
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=676 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:8
        6⤵
        
        PID:5528
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5004 --field-trial-handle=1964,i,6688565397700418492,7509367764060213157,262144 --variations-seed-version /prefetch:8
        6⤵
        Drops file in System32 directory
        
        PID:8564
    - - C:\Users\Admin\PCAppStore\download\SetupEngine.exe
        
        "C:\Users\Admin\PCAppStore\download\SetupEngine.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11128
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installing.html?guid=DD06E985-AC7F-4567-B0C7-3752F03C29FCX&_fcid=
        6⤵
        
        PID:10720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8931346f8,0x7ff893134708,0x7ff893134718
        7⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe
        
        "C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1
        6⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: GetForegroundWindowSpam
        
        PID:11072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe
        
        C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=DD06E985-AC7F-4567-B0C7-3752F03C29FCX&_fcid=
        7⤵
        
        PID:11044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xc4,0xc8,0x124,0x100,0x128,0x7ff8931346f8,0x7ff893134708,0x7ff893134718
        8⤵
        
        PID:10312
        
        C:\Program Files (x86)\Fast!\Fast!.exe
        
        "C:\Program Files (x86)\Fast!\Fast!.exe"
        7⤵
        Checks computer location settings
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Suspicious behavior: GetForegroundWindowSpam
        
        PID:9064
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
        8⤵
        Checks computer location settings
        Checks system information in the registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        
        PID:10596
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2b8,0x270,0x278,0x2b4,0x2bc,0x7ff8825da970,0x7ff8825da980,0x7ff8825da990
        9⤵
        
        PID:8068
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:2
        9⤵
        
        PID:11096
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2040 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:8
        9⤵
        
        PID:8244
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2172 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:8
        9⤵
        
        PID:1812
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:1
        9⤵
        
        PID:11128
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=4116 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:8
        9⤵
        
        PID:11772
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1892 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:2
        9⤵
        
        PID:10612
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:2
        9⤵
        
        PID:10700
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3740 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:8
        9⤵
        
        PID:3692
        
        C:\Program Files (x86)\Fast!\nwjs\nw.exe
        
        "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3736 --field-trial-handle=1928,i,8076953376545920052,13931404023407582015,262144 /prefetch:8
        9⤵
        
        PID:4060
  - - C:\Users\Admin\PCAppStore\Watchdog.exe
      "C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=DD06E985-AC7F-4567-B0C7-3752F03C29FCX /rid=20240824135905.460240819484 /ver=fa.1091v
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10516 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:9156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:10920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17460070127295154152,14168436999311688285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1
  2⤵
  PID:6356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d4 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3556

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
PID:5536
- C:\Users\Admin\Wavesor Software\SWUpdater\Install\{BECEEE41-5A7E-41E3-B98E-8DEC17762C6E}\WaveInstaller-v1.5.18.2.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\Install\{BECEEE41-5A7E-41E3-B98E-8DEC17762C6E}\WaveInstaller-v1.5.18.2.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\guiC937.tmp"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6780
- - C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\wavebrowser.packed.7z" --wid=7ulvypg5 --installerdata="C:\Users\Admin\AppData\Local\Temp\guiC937.tmp"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff7a2ed12d0,0x7ff7a2ed12dc,0x7ff7a2ed12e8
      4⤵
      Executes dropped EXE
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\guiC937.tmp" --create-shortcuts=0 --install-level=0
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\nstCDFA.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff7a2ed12d0,0x7ff7a2ed12dc,0x7ff7a2ed12e8
        5⤵
        Executes dropped EXE
        
        PID:6816
  - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
      "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --install-type=1 --from-installer
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:7004
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff880e2ccf0,0x7ff880e2ccfc,0x7ff880e2cd08
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6320
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2076,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2072 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5168
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1980,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7000
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2536 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4512
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2676,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3612 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6376
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2780,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3644 /prefetch:2
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6960
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3960,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3980 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5972
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3744,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4588 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:8048
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4696 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7184
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4684 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7340
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4568,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4880 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7396
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4740,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4732 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7384
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4748,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5216 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6052
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4756,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4924 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7532
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4764,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5656 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7580
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4772,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5792 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7604
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4780,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5928 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7708
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4788,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6056 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7812
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4796,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6200 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5380
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6408,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6404 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7984
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6344,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6528 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:8044
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6696,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6708 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7276
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6900,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6920 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:7176
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5664,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7060 /prefetch:2
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:7496
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3924,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4792 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:7344
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7484,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7516 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8256
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7496,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7664 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8400
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7488,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7808 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8484
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7648,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8124 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8572
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8264,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8272 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8600
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7800,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8568 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8720
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8720,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8732 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8752
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8712,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8880 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8872
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9016,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9028 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8912
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9312,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9324 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8216
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3980,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6568 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:7200
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5056 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:7404
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7532,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5540 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8896
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5420,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5624 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8952
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8628,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8576 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8968
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8616,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8804 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:9088
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8600,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8932 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8932
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8684,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8800 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:9112
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8660,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8732 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:9104
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8636,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9120 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:9144
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8612,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7548 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:9188
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8696,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9324 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5864
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8688,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8440 /prefetch:8
        5⤵
        
        PID:8292
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8648,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8624 /prefetch:8
        5⤵
        
        PID:8272
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8592,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8240 /prefetch:8
        5⤵
        
        PID:8680
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7888,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7852 /prefetch:8
        5⤵
        
        PID:8984
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7944,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7900 /prefetch:8
        5⤵
        
        PID:8840
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6456,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6448 /prefetch:8
        5⤵
        
        PID:8940
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6460,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7876 /prefetch:8
        5⤵
        
        PID:8660
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9656,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9668 /prefetch:8
        5⤵
        
        PID:8956
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9528,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9808 /prefetch:8
        5⤵
        
        PID:8852
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9948,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9960 /prefetch:8
        5⤵
        
        PID:8856
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6468,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9660 /prefetch:8
        5⤵
        
        PID:8492
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10252,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10244 /prefetch:8
        5⤵
        
        PID:8888
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5492,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10404 /prefetch:8
        5⤵
        
        PID:8504
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10536,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10548 /prefetch:8
        5⤵
        
        PID:8500
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10540 /prefetch:8
        5⤵
        
        PID:8212
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10692,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10820 /prefetch:8
        5⤵
        
        PID:8976
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10964,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10960 /prefetch:8
        5⤵
        
        PID:6588
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11112,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10992 /prefetch:8
        5⤵
        
        PID:7212
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11116,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9944 /prefetch:8
        5⤵
        
        PID:7252
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11284,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11412 /prefetch:8
        5⤵
        
        PID:8244
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11436,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11568 /prefetch:8
        5⤵
        
        PID:7872
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11704,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11716 /prefetch:8
        5⤵
        
        PID:8712
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11700,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11860 /prefetch:8
        5⤵
        
        PID:8804
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11268,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12008 /prefetch:8
        5⤵
        
        PID:8880
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11708,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12152 /prefetch:8
        5⤵
        
        PID:7200
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11868,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12304 /prefetch:8
        5⤵
        
        PID:8280
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12444,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12456 /prefetch:8
        5⤵
        
        PID:8708
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=8036,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6072 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:8960
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=6100,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8100 /prefetch:1
        5⤵
        
        PID:9140
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=5104,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4832 /prefetch:2
        5⤵
        
        PID:9448
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=12572,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11552 /prefetch:1
        5⤵
        
        PID:8916
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=9300,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11412 /prefetch:2
        5⤵
        
        PID:7492
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9304,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12024 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:5972
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=12548,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12104 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:7340
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=12520,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11664 /prefetch:2
        5⤵
        
        PID:9188
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=9740,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12048 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:9468
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9776,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12052 /prefetch:8
        5⤵
        
        PID:8996
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=10528,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11760 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:9472
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=8108,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10428 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:8584
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=9088,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11712 /prefetch:2
        5⤵
        
        PID:9496
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=12516,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12576 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:8944
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=12588,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10144 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:8388
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=9660,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7588 /prefetch:2
        5⤵
        
        PID:6084
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12488,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8056 /prefetch:8
        5⤵
        
        PID:9504
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=10100,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6564 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:9892
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12456,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9672 /prefetch:8
        5⤵
        
        PID:10196
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10900,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7972 /prefetch:8
        5⤵
        
        PID:9232
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12396,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10436 /prefetch:8
        5⤵
        
        PID:7736
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=9556,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12592 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:8824
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12384,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12272 /prefetch:8
        5⤵
        
        PID:9260
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=10452,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9500 /prefetch:1
        5⤵
        
        PID:8144
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=8168,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7688 /prefetch:2
        5⤵
        
        PID:8436
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4024,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11968 /prefetch:8
        5⤵
        
        PID:9724
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9772,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11608 /prefetch:8
        5⤵
        
        PID:9852
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10036,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9940 /prefetch:8
        5⤵
        
        PID:8064
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9416,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8392 /prefetch:8
        5⤵
        
        PID:8404
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=10236,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11140 /prefetch:2
        5⤵
        
        PID:10192
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9460,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9472 /prefetch:8
        5⤵
        
        PID:10152
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8392,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9172 /prefetch:8
        5⤵
        
        PID:10204
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9920,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11520 /prefetch:8
        5⤵
        
        PID:8884
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10600,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10616 /prefetch:8
        5⤵
        
        PID:9116
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11448,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10628 /prefetch:8
        5⤵
        
        PID:9408
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6868,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9668 /prefetch:8
        5⤵
        
        PID:8800
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9020,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7640 /prefetch:8
        5⤵
        
        PID:8976
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --field-trial-handle=9544,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8248 /prefetch:2
        5⤵
        
        PID:9672
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8060,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9508 /prefetch:8
        5⤵
        
        PID:1908
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=11852,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10952 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:7844
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --field-trial-handle=6232,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6784 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:9684
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6284,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12580 /prefetch:8
        5⤵
        
        PID:1252
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6736,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6828 /prefetch:8
        5⤵
        
        PID:11144
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6208,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8228 /prefetch:8
        5⤵
        
        PID:5528
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --field-trial-handle=7784,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6824 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:10736
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --field-trial-handle=12584,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12360 /prefetch:1
        5⤵
        
        PID:632
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --field-trial-handle=6268,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9596 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:10216
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --field-trial-handle=9580,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9712 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:10148
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6352,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11636 /prefetch:8
        5⤵
        
        PID:8904
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --field-trial-handle=5788,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11584 /prefetch:1
        5⤵
        
        PID:6288
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --field-trial-handle=4868,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10876 /prefetch:2
        5⤵
        
        PID:9220
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --field-trial-handle=10156,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8248 /prefetch:1
        5⤵
        
        PID:11188
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --field-trial-handle=4872,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7992 /prefetch:1
        5⤵
        
        PID:11216
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --field-trial-handle=8444,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11080 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:7476
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --field-trial-handle=4752,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8472 /prefetch:1
        5⤵
        
        PID:1540
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --field-trial-handle=8208,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8500 /prefetch:1
        5⤵
        
        PID:8932
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --field-trial-handle=8976,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9012 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:10140
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --field-trial-handle=8424,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5196 /prefetch:1
        5⤵
        
        PID:10996
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --field-trial-handle=9448,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6472 /prefetch:1
        5⤵
        
        PID:8944
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --field-trial-handle=7604,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8532 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11720
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --field-trial-handle=6540,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7616 /prefetch:1
        5⤵
        
        PID:11796
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --field-trial-handle=9424,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9032 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11952
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --field-trial-handle=9464,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10488 /prefetch:1
        5⤵
        
        PID:11968
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --field-trial-handle=9152,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7760 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11416
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --field-trial-handle=8172,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9428 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11708
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --field-trial-handle=9028,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11772 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6596
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --field-trial-handle=10032,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9712 /prefetch:1
        5⤵
        
        PID:10496
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --field-trial-handle=11080,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6684 /prefetch:1
        5⤵
        
        PID:11408
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --field-trial-handle=8092,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9164 /prefetch:1
        5⤵
        
        PID:3712
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --field-trial-handle=8440,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9116 /prefetch:1
        5⤵
        
        PID:1196
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --field-trial-handle=11856,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11416 /prefetch:1
        5⤵
        
        PID:11428
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --field-trial-handle=9428,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8792 /prefetch:1
        5⤵
        
        PID:11580
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --field-trial-handle=8472,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9560 /prefetch:1
        5⤵
        
        PID:11684
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --field-trial-handle=6688,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10060 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11820
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --field-trial-handle=6476,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8968 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11812
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --field-trial-handle=7972,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9128 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11876
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --field-trial-handle=10264,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8112 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:5896
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --field-trial-handle=11204,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12616 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:11892
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --field-trial-handle=10216,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12780 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:9952
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --field-trial-handle=7980,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12896 /prefetch:1
        5⤵
        
        PID:7476
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --field-trial-handle=6824,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13012 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:10336
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --field-trial-handle=8248,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13136 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:10616
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --field-trial-handle=5056,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11188 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:8980
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --field-trial-handle=6236,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13304 /prefetch:1
        5⤵
        
        PID:11332
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --field-trial-handle=6324,i,3418971990112384795,8044402278931116163,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12052 /prefetch:1
        5⤵
        
        PID:11340
- C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTM1LjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzUuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswMkIxMkY0NC1EMUU3LTRFQTYtQTE4Ny05NTc0MDhFQzQ2OUV9IiB1c2VyaWQ9IntlMDJiMDE0ZS01MTdkLTQ2OTktODg5MS05Yzg3YTljZDNkZTB9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0ie0M5RjMyMUI2LUFDODAtNDczRC1BREIxLUJENDZGN0QzMDVCQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS41LjE4LjIiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vY2RuLnN3dXBkYXRlci5jb20vYnVpbGQvV2F2ZUJyb3dzZXIvc3RhYmxlL3dpbi8xMTIwOTg3NjQzOTA2LzY0L1dhdmVJbnN0YWxsZXItdjEuNS4xOC4yLmV4ZSIgZG93bmxvYWRlZD0iMTA2ODExMDgwIiB0b3RhbD0iMTA2ODExMDgwIiBkb3dubG9hZF90aW1lX21zPSIxMTU2MCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcxOSIgZG93bmxvYWRfdGltZV9tcz0iMTI0NDEiIGRvd25sb2FkZWQ9IjEwNjgxMTA4MCIgdG90YWw9IjEwNjgxMTA4MCIgaW5zdGFsbF90aW1lX21zPSIxNDc1NSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8536

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:5624
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTUyMDMxQ0YtOUIzRC00NkUxLTk0RjYtNzFDOTEzM0E0N0FFfSIgdXNlcmlkPSJ7MjM0MzdBMTItNkY2NS00QzkxLUI0OUItRTA4MzFEQUMxQzY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszRTI0RDdFRC00NjRBLTQ5REItQTEzNi0wMjg5QjFBREI3RDZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNDI4MjUwNjAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3152
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\MicrosoftEdge_X64_128.0.2739.42.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  PID:6160
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\EDGEMITMP_EF367.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\EDGEMITMP_EF367.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    PID:5244
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\EDGEMITMP_EF367.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\EDGEMITMP_EF367.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40CD3D3B-E9C1-41BF-B4CD-EDBC633D4FB7}\EDGEMITMP_EF367.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7a4e006d8,0x7ff7a4e006e4,0x7ff7a4e006f0
      4⤵
      PID:9968
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTUyMDMxQ0YtOUIzRC00NkUxLTk0RjYtNzFDOTEzM0E0N0FFfSIgdXNlcmlkPSJ7MjM0MzdBMTItNkY2NS00QzkxLUI0OUItRTA4MzFEQUMxQzY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEOUE4QzhBMC1GQ0FGLTQyOTktOTFEQi1ERjI4QzhGQkE0N0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI4LjAuMjczOS40MiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI1ODEzNDkzOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNTgxODUxMDQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDE4Njg0OTkwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iMGY3MzFjZS1mNzA2LTRjODEtOTA2ZS1hMDVhYTAzNDc1N2Q_UDE9MTcyNTExMjY5OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1KV3hSdnFXb1prJTJiNTFRN0gxV3hJM290UjdzNlZyOVVTZEFFWkdKWUw1dTR1d3c5bFphdktXbGs4aDhHdVg4Wm11TkhxMGF6SUF4VXQlMmJ1UmtTV1AwZEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM3NTAzNDQiIHRvdGFsPSIxNzM3NTAzNDQiIGRvd25sb2FkX3RpbWVfbXM9IjEzNzI1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQxODg1NTIxOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0MzMzODQ5MzUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5Mjc3Mzk2NzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5MzgiIGRvd25sb2FkX3RpbWVfbXM9IjE2MDU4IiBkb3dubG9hZGVkPSIxNzM3NTAzNDQiIHRvdGFsPSIxNzM3NTAzNDQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ5NDM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11196

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7872

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:10328

C:\Program Files (x86)\Fast!\FastSRV.exe
"C:\Program Files (x86)\Fast!\FastSRV.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:10316
- C:\Program Files (x86)\Fast!\fast!.exe
  "C:\Program Files (x86)\Fast!\fast!.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6408

C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
"C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --strtl=ti
1⤵
- Checks computer location settings
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:11584
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.2 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ff880e2ccf0,0x7ff880e2ccfc,0x7ff880e2cd08
  2⤵
  PID:3128
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2388,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2384 /prefetch:2
  2⤵
  PID:1396
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1872,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2728 /prefetch:3
  2⤵
  PID:6812
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2020,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3084 /prefetch:8
  2⤵
  PID:5732
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3040,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:5396
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3048,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:12460
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3960,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4020 /prefetch:2
  2⤵
  PID:12480
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4040,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4064 /prefetch:2
  2⤵
  PID:12500
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4180,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4328 /prefetch:2
  2⤵
  PID:12512
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=5016,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5028 /prefetch:2
  2⤵
  PID:900
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=5392,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5444 /prefetch:2
  2⤵
  - Checks computer location settings
  PID:6384
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5228,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  - Checks computer location settings
  PID:12588
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5384,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5372 /prefetch:2
  2⤵
  PID:12696
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5868,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5880 /prefetch:2
  2⤵
  - Checks computer location settings
  PID:5496
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4816,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6036 /prefetch:2
  2⤵
  PID:5772
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5592,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6152 /prefetch:2
  2⤵
  - Checks computer location settings
  PID:12728
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6384,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6388 /prefetch:2
  2⤵
  PID:9536
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5336,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6808 /prefetch:2
  2⤵
  - Checks computer location settings
  PID:8240
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6856,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:7312
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:9500
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7376,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7384 /prefetch:8
  2⤵
  PID:9120
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7040,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:9028
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7596,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:11616
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7604,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  PID:11816
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6692,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7764 /prefetch:8
  2⤵
  PID:11692
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6680,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  PID:7820
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7952 /prefetch:8
  2⤵
  PID:11976
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6840,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8212 /prefetch:8
  2⤵
  PID:1896
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5236,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8356 /prefetch:8
  2⤵
  PID:11236
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6480,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8504 /prefetch:8
  2⤵
  PID:11652
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6468,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  PID:12216
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7292,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  PID:2392
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8896 /prefetch:8
  2⤵
  PID:7852
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6832,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9200 /prefetch:8
  2⤵
  PID:11136
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7196,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9228 /prefetch:8
  2⤵
  PID:12952
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5240,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9372 /prefetch:8
  2⤵
  PID:10224
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9616 /prefetch:8
  2⤵
  PID:12248
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9756 /prefetch:8
  2⤵
  PID:3620
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=4044,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:2364
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7216,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:7720
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7288,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8912 /prefetch:8
  2⤵
  PID:11532
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7892,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9036 /prefetch:8
  2⤵
  PID:10488
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3144,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9180 /prefetch:8
  2⤵
  PID:13136
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10080,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10100 /prefetch:8
  2⤵
  PID:13088
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8984,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10244 /prefetch:8
  2⤵
  PID:12996
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10092,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10404 /prefetch:8
  2⤵
  PID:3944
- C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
  "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10252,i,14276626504309011050,14499502840776418268,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10436 /prefetch:8
  2⤵
  PID:11684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Fast!\BigTestFile

Filesize
1.5MB

MD5
20b43781d7a5be235d9d79aa5bf28c10

SHA1
dcff54412d5be16b25878ddc2a1905c0c22a6a69

SHA256
a3a9ffed7d709978ff30b670fc4503b5bdd78a7338c02de15dc9580a20c331bf

SHA512
3b7ac209503796cfc85c9e245b5b5751d5668c4edec9e3456b6ffc9dc33d2214b6f77546f5d0a50bd0242fac6df11546e4455b7eeed24d0ca9234973cba38fb9

Download Submit
C:\Program Files (x86)\Fast!\BigTestFile

Filesize
1.5MB

MD5
7bcf0074af17fa7557b8b6d0ad24878f

SHA1
f68caf62d33d4c2f2ff3d4993868ecd873e7d53e

SHA256
28d1e9c821ae768d89772541a23e02116b656a21672cf2aad7b8942602a67e01

SHA512
e4308d5a8926ab8636fd7fd91183641771337a4114bbeb595806e7a548354e1c962c76e17ed2de7535ee4d3a83b78da91d0484b9ebdf32b2c06d7fe03f1100a5

Download Submit
C:\Program Files (x86)\Fast!\fast!.exe

Filesize
785KB

MD5
7ba158c68cce67ae58015f010401a57d

SHA1
556eab5a862a76b12c5b9539c32071f6c2ad8ec9

SHA256
61fb598a9fba2c7a1f52165025da028e3b66427f53ed2a780ec9ef17aed34006

SHA512
d46399865bc92944c96f7398946dcec1f7fc9eeb63c971d60cb124c7697ca1d5ca7ae3fbb00609a3311a1798b4520f2e6fea2667870d3600c8bb5d0e62d26251

Download Submit
C:\Program Files (x86)\Fast!\uninstaller.exe

Filesize
466KB

MD5
ef6c5b733e1970707acf52e3f8be8e40

SHA1
31dea6172ec1d7743ba585b8d0c392bf30e13da1

SHA256
0804a3a43afe2b58c63b46c4feb972e1f43c0e7e013fff777e0ca6efea87f71c

SHA512
d0afa890d8acc23542df7d945cf39ce77b1b6318e482d2072f622d17b546ae0a18a1bc4ffef2646f3435e7562326ff13e8a551b2ce49cdea6c0dbbcdf3880e99

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Installer\setup.exe

Filesize
6.6MB

MD5
11a19165aa72e46ad47200ca46760c87

SHA1
2fe4616eadaf543846571564ca325e772ea5375c

SHA256
eaac114b05373d005f91c2824c3b907d01842056468018b95a688e82ffcc95b1

SHA512
5b4074ba1598c7441fd3dffed54cf0cea540a8e58ace339254b9a29bd6709a8e64458c10e9797a75ba8e0e84566e8c5935bf4891b0115dc02017396d70f47b27

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
5.8MB

MD5
e2cae1e9c641bae4e2ca527b51764964

SHA1
cca496f577eb93f397db317c9103e2b7564737fd

SHA256
5f642f3716bcd8fb05c396c28524dc2eb4665b5b9698801cb4e8c4b8dbae8eb3

SHA512
7a4a87929463014261662cf1abf8f67c28f55e4d87feb2cbc91dc22f4bd2c1b7d91e2da18f1a2f3713728621cc490552259ca865539f09e8d71dadf46f7a4372

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerInstaller.exe

Filesize
5.5MB

MD5
5b6171c8dbb01d6bff4fbe433ef7134e

SHA1
402261ab9ede4118da88e15a977e48b06138f9f8

SHA256
b693b5678a7ea4620b1a3959ecf9c4864fad30ce9e2b195433fef28c296aff72

SHA512
ab108c6890bc4ce5956bb019f339c07d0bca7a998ffe09015a177bc3575ff847f36fd2e1123c713d99131d60a4b27323db911a2bc9fba8b7339f98a2c340ee30

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\SWUpdater.exe

Filesize
108KB

MD5
b282ce9b81f606d1c6cbda554dcd4efa

SHA1
7554ca07096a2e410f2cd3c98beb7b7e6be27f3a

SHA256
1893941e9dd1ca1296e7f575a9442fa1cc53dfeaf2d1bc94d01608ba9e7e31bb

SHA512
9e71f3cb4ea67831dbee5bb4cbb2dbd9f8ff8ffd1158fe2fcac41c89169a9aa3236c8d163f7d4e9df5e2b70ba2be20fe3af97bef70be40f45dd11acb5b4bc184

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\SWUpdaterComRegisterShell64.exe

Filesize
190KB

MD5
b483bb4c375468cfdae4a2ed4e40d056

SHA1
27311ef3b6a323335f46c4e81889a77ffb1b3002

SHA256
df80d9477a45eb1ff233f3d361a1d82729c368987de14c09747df0f959184902

SHA512
0116e83611626c27099a0171654a4f24d64c0c901bc597bf168f889a300a1f3aa62ef48759a78081fa1add6d82a8dd63d94eeba1d828d1aefa8ef17d2b0fb141

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\SWUpdaterCore.exe

Filesize
208KB

MD5
c2540f15c66d32d867f8205e39ba5c2f

SHA1
7a835852b20e9721eab276543e0202465e702d07

SHA256
9b296f4894f4a969f2f3ce0c5c2ddb8eea503deb4919b23555fc3f04fa0aed41

SHA512
3e0cd859f84598a409370498ba601147559c42f77a685bb131080e92e3cb87af1fcb793711d4331ce880deae4491cef3969f9e996e17b63caa3aa1d98d6c13e9

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\swupdater.dll

Filesize
1.0MB

MD5
9d66c62b0a6b9d86b2c90d45d0655701

SHA1
93b230c4c942ed55a84c5a1e744e924bf988ad82

SHA256
ab9b3eba2befb88ab1919fe47ab74d181abd7c85851164bcf8f200e7c0db3a54

SHA512
a5484333485823db0f7f11c978e2e110294ce8e9a212d3d6c7b56a1a160cdf33a8db0146809e52e5287d75fd474307224d6987d17b482da293a4491bb1e5e360

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUM7C40.tmp\swupdaterres_en.dll

Filesize
42KB

MD5
4c638b6d2d9e243ee521ec29297728d2

SHA1
142b6487238f0a00d016f73eda5dc7800e687891

SHA256
4df4cf6c745ee927376ac7b1cc6baa9b7a749f60ce20e27b3bed209295849d6f

SHA512
accb61833b6c6172768d4721c1124ebe10eae77224c2f939f33988562b5a299f3a65c6dcd5c9c3169a4831ad4873a8c1ad4dfe3340156398760535ced4bdc588

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
b14ea88c4cefb6e0ba4cc6092456c2bc

SHA1
1dd586f5a6b41dbc8fd49b7270a14081e9f64269

SHA256
9ee85dc1708c295cd2da04d6f1df940a517018d284bc46956031d32544c6bf98

SHA512
f5b6d09b526388b99def2c3f0e03510f7bef17f9b37738e07a0aec3b02fa41fa8f0b634d52fae1be65d1868e6930257da90fef2850c7e194eafc6218b5e27c89

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7004_1179624422\manifest.json

Filesize
108B

MD5
b636113d6db02fa03e13e1a7a6fa379e

SHA1
99794589e829569ec12ec7276ae3831822b2e0c4

SHA256
ea09b409ccc891e18e778db71afd8d3fcbfbc5a3d100f605f5778c32a27c5be5

SHA512
662c1a5c319b62813cde6ac118d1c19a2ae67aa9ef80eeebcf999722a05090b7fc4caab5b34e678041b2e1cf0fbc823d43fd943646af59e4c4a5afff9a0a26b9

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7004_2056518861\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7004_283601032\manifest.json

Filesize
114B

MD5
4c30f6704085b87b66dce75a22809259

SHA1
8953ee0f49416c23caa82cdd0acdacc750d1d713

SHA256
0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9

SHA512
51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
182KB

MD5
6dcd8617d3d0ec1f47b3d6dca9a4fb9f

SHA1
ad0c21bd1df9dd581d19e55c1c16de78f9ca87ab

SHA256
9fb4c50f7f45ac2aa14b30f5f012c6be14179d24868d7d94c56a3b7b82bb9aa7

SHA512
d13a657e356f36705a6847553b089ad64dea2e4db91afa4c83f4afb11aa22c4d799be509882c769602ecacabefff1fb18ec69e421e6d101b0cde212c241fbac5

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx

Filesize
96B

MD5
b8103cff5ff17476e28744770a7a8104

SHA1
8cef04bcc6fd35d9b10194c8c71b8162c392dc97

SHA256
f8092b0e1985fff05d3ea09059cb16a2bd01f47c13355da3d1e2dc9b7a218e8c

SHA512
e07b4d16f14d0d3ff7dc30d28b6f30044dcb87bb818347e8e8f763ce43f340e96f791762c8ff338817ca17222f4f8b79e2dff2afc381cacfdab9ea0ee781d234

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b0e9dde363663800ec4644b249c58e4b

SHA1
a7d6280718ea6feed4f3f4b8f79fded75ec9804b

SHA256
9400bae89af69be7105997f9af3d4dcbe575919ea875a0f169221d5505e5162a

SHA512
6c93b7d8ec2fe94fcf5543d22343c9dd8f39e9177195e570934ce0777e759542e9584b28f2032e3085636c6f7b52f87d5144ee6c05678b0231eb54c26573a15a

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b3ad1ac31172667381a3caac0cec23c1

SHA1
be485fd7e2f7658ab2fb7ac67b5325e9de55dfec

SHA256
2f46c69539ca0c3f1843a727f8963c5cae0d0cc8b29e09186751d61e382be8a2

SHA512
beea863694d345de0557b003752ad00b8f7c1de0173b58b4f8d1682151933dd71f1288cb45493c80660c12fed90cf4db9e8be7bf6fc16d355e62b75b0b204592

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c1895f0ed03df6d65e739b97c6564c19

SHA1
25c4e46281e0b6deb9aab4e05b2f9e70621d0865

SHA256
07b1e6e6b2d8b78210d510e515267a8980d03910b8f3a3b2b79bdf812d197878

SHA512
63028047d1376570c367d12b89f5617a67ec96da2832a2944390eb37b3a40e5d1544337a0e141a5844bd9b412db87defecf5274b8f9afd8770c6958ca733bdc8

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
65473c43d60d1ae57b32c193e79b31b8

SHA1
11072985f9f524d3ef6a2ba4d66962db9d0bdf16

SHA256
73f6db3ef2f33ba137586409ed16a573e4c0b402cea4d5522ac64af489320c10

SHA512
545131dba259342b09986b52ee3d5c59118d3856888ed351b2b1cdd8a8e1a133482bc469c337c6c82024a141df5953cec9d20caf30c4c9ae0ca3d84d9e4172bd

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity~RFe5bf3c3.TMP

Filesize
523B

MD5
f609045ff89e3ce5990ad634b8cd98e6

SHA1
f6456ee5ee495a9d92c5a915ec785de295701769

SHA256
2301ebb2309976aeb6501c0729426e6bb619ea0d469ec52bf108677d0a9041b9

SHA512
20981311d9855472662e568febd269b672510a7e18aab167d3d1562d786862914d105b7651a74edc91783280af4dad9a0314363804a5875d065546cfbaecbce9

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

Filesize
4KB

MD5
01599b48845d8b975d3c903bbaeab74c

SHA1
07a2dd4cf9b645c1ab5b063381ad2bef000857a7

SHA256
81827785869bd17a087e75a8a44be2ba2958cd074c2e01aaa6b2b01bdd832b76

SHA512
f83a6304dcfe8792f113c4347562054b92a855f19d0610763605d3aefc8a83cde9760e7f89d81d94179fae4287ca526220a426c5da387555983581953f883642

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences~RFe5c2ab1.TMP

Filesize
4KB

MD5
ab767db2ddbeb506818a47c2dabc63cb

SHA1
2dda413e3bd01f3a9ae8c6f5437fb8387ca46f6b

SHA256
60cb707d1578da900e008e001bbdc72cfdc441c6fbb144e30784181f0bb71868

SHA512
72731bdd230a0d7b346104c955e13e3ff3849e9106d1b595029172f1aa41c89258d5bf993e336e393ed477d1284bb9e904411e21f4c30d2df9a4848028408f17

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\GrShaderCache\f_000001

Filesize
18KB

MD5
7dbd1ec843132a367b2554a25548a212

SHA1
84e5a105ed88cedaad96de418a8b84d4db6299a7

SHA256
8512f2b392e0d499d202966a000b91e22b690afbbbef9cb98aa0fc66846c22f5

SHA512
caf2f018633e1253773a203d923e320446c1173dfa52fd2b72082a824aee6f47ae474ecf89ce037843e5f42ab3ad0957e9e1d2b7b030a8ddb1a81ef902fdca11

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\GrShaderCache\f_000002

Filesize
18KB

MD5
12293522050f08eb259505456f223214

SHA1
ed013def2f671327a49d5100188ea045ad08409d

SHA256
00b0edebac1a7d500da4007d039d2e1a43441348345c3bb324c17f1c264c279e

SHA512
406c7754a12e8bbe6e69fbf99c3fd9b112c511ce52ddcdb1b21ccaa6be4143072663f6d810d5bfad740846a885b886973a8a63c7972b0e93e165e75ad508bf36

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

Filesize
2KB

MD5
29335f5d2a2f24c8446ba0802edb92dc

SHA1
2ba0c3dc72fd6e36744988732be6c1cfd124c954

SHA256
9c8298dc11f3e9bdc59ed57ba23d97822bdc1db084af43d3ee6201471cac2688

SHA512
574dbca73224eb26cf90d6c7280724ae33c14b85d3d28237874f0f82b7d7d60207f332367fbcd4409954ca1fe9d5b56813d9ae4785c00ec125e7712fa0cdd0b8

Download Submit
C:\Users\Admin\AppData\Local\FAST!\User Data\Local State~RFe5bb591.TMP

Filesize
868B

MD5
ffc19a609362b3544f98ad6da2a0625e

SHA1
9387ac0976fc1a01f5f7f5740f29733e40846e2a

SHA256
59c4a8a67cf89e84c1c595d9ea9c386197513ff2467231e00a6b1a401647f483

SHA512
2956c65b4c1a6d8d4bd6d3cba5b13d897512709d6de5a039f7de172b27090665c7af9b22fa92e43a45cab258a52347e38c70f50b83f79242d63c6e860bbfa32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
19KB

MD5
b44ae10069bcc3f69241236bf77cf12a

SHA1
84460f394a5de239b92735cfa2295fa91317c071

SHA256
13a04a3904e9c14f5e191f247ebc229d2af511e3a036b79ce3ea5ba0bac3c84d

SHA512
61588590e2a1022bb8eb4830f8785ecdf9d2a3ae17007f2cf0460f1f46fc08ec579c682c08ff19c45d0caf0099ad520a110e2e1fd783fac4715b1af3b8ebffe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
104KB

MD5
7651b1187bb58ac4c7be625337b35e5b

SHA1
307d969ef4137a66fe2793737dc1c546587c7f43

SHA256
0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968

SHA512
a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
31KB

MD5
316c10385a7b17740467d7737cf0393f

SHA1
12d8a6ae04805128198f452f50eb47c4bd5db131

SHA256
de457cdaad6a020a3e95b0ac92fa2325554be5ab2b71faf4cdfaf758f881831f

SHA512
27aaf4dca002cea8bd5f3f286e3452ad8faf58a58ef1988d4ea0252983f19027b3e3790506fd043c09a0803296d18bd9c0a1a61a89d6ccd6d07d3af88616e05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
135KB

MD5
0cb96c18954586a0580caf7bef633b13

SHA1
0ee2b909036d30b7be6a54a123af3906144196fd

SHA256
be3fddeb1a7b6a97781e12287478d57d0f97c96e7f652c5055bb7fbbd612c26a

SHA512
219251a2dbd2522448f882b101dde5ac61681ebf3ee055678f788042af5d7b6ea27b8d038bb033820f53e65eb7d47e0e528de7ccda18c576dbffeed691d89a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
21KB

MD5
fbb3b9d8ffe2238bd64db5eaa4b0a6d5

SHA1
343ac49f2829513f15423d62bdc9f16607ebb2e9

SHA256
f0d31b474fb97644974b10a90ca30e7f4d0d9272851456ee58363e05a137e237

SHA512
f0a3c4d87e0594598ef06254c460a6adde2b82ff96ca58222a33ffb10203ff47dde62b61c0154ef4d58d23344767960803efb6c304f0d73ee0aa6d74670bee32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
98KB

MD5
78280e0728c2021056c93954af683365

SHA1
f422d6f6682d904f7905b1cd7308f9f59062db44

SHA256
d5424e6657f959e1c026b7c119249cffedeff2e272912dfd6d0e0f7e04bcbd81

SHA512
aa64da37e187cac342d5c5cdd33d76d2bdf1bfd8cc49257ce1a4c0877a527aedab28ecfa0eaefc5c7f803bf3f51d94544bf8662430be50d2101c32c5d11f4b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
26KB

MD5
97a3bed6457d042c94c28ed74ec2d887

SHA1
02ce7a6171fb1261fde13a8c7cbb58992e9d5299

SHA256
ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67

SHA512
6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
148KB

MD5
65d3f83d879428f73e751d9a36db6db1

SHA1
a19668aecd92ffeaec17643ae7d6140ad763351c

SHA256
8e802d53da4fd798ca61b4aefc77e20767bd4696e15312b0ac7229679292560c

SHA512
e2550db4a106da242ccfa4dd8346364d0223a6034d38232dd3b867c79e18620da631fb4ad0c90c42ba3e69c17b9256df8ed05646feccbaae2fbcdb9129884ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
82KB

MD5
c6beb366a3264903c05411d82540d066

SHA1
04aebfd3e234c221db0785c34d857b080c3ae853

SHA256
57164d52392dcbdef8c7b894e1a1662849209fb03d0d8eb36799e70072849d16

SHA512
ad5b5fdec02ce117e86667effc77acfc268c5ad25f7cc8062750f551d1845ad000d0f3d91417891ca0f37e0f31be8ec6f347f716e74c6c01fab577c4c2813cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
150KB

MD5
6afc238d6cc50fdc0292d3719e127a83

SHA1
3b15351e4843364b22bb873e513c4e0c0912bcae

SHA256
546bb73f3163226224b210cf97200dda30ed7a7aaf94cdb55bfe2d2616497fe1

SHA512
b1ec47f8a72f8713095d3f906ca5dacb8fd801cd20e81c549a955e96c1a2ad10d74384d1af7006cf13e191801dc7c8c2515d28eb51bb24143630ed9480f75afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
49KB

MD5
21d1f13dd0a539d781365dab87a85012

SHA1
c9f461f54356958c688fc60ed86b4e577e1aa646

SHA256
3265ae164fb8270d967f962d9b84f6ba1d19fa493a7eeee3b32f92421c0d9547

SHA512
0ebc1ef86aef146f9970635f40797a610a4ca9403e45f225b0737309a7e330adcaa15bf8444d82bd7ce5a6f84acd078402a85992a644d0614a69b104d37d1b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
3859fdcc9dfc8ee238149b68a1cb2f98

SHA1
4c78ac8554c35cdd4ec8a0318bde9bba8b670b67

SHA256
9a2ec9b64eee6bfdf104fe6b873c26c8ae22b90c9ef77ce61217030f16d81d31

SHA512
dc15c3e84175327f6e99ac1130927b0cd1f194e4759553151bb54b6f7b3256f35a690f8650a3d0806a34f3b4855b6936c3373180b9f9c838dac8c7fbfe6e681f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
78KB

MD5
9ed6056160a3f8ce4cd6f45361108dc5

SHA1
f29efc7ab73e62aeab3fa14b5dc8d7595cf28f59

SHA256
52d7bd8fcea8a1c52b2c2f28bcf26192549c778164181afd16b0d3f81b9e2209

SHA512
9be95ceb4505d22389642a517248b0c9ba92e55a504f63f67c5c8b35c015afade48d1342298bb3ba5af571d5e30ea2f491be76e4286aaa866859299ef7451879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
82KB

MD5
a7939c12bc4fea88edba32d2497fda5a

SHA1
e19edf9ea6aa41b822ed2d44fbb1f20c4ed22817

SHA256
6a3d2f8f56824196bc7d6b795620304c251d332c05fa26579e25d9d2647a9d05

SHA512
464fea96e6c4a03ff482f09ec3c6d584aef48cce3e85e4b93bda36d68fe3f905356bd27ff998860565f34c81f4757d8c11ae558cd4377e8e2617a4b1b099f479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
39KB

MD5
79cf44db94eb465700d65a45a527b379

SHA1
a9ea6a3d2b3a3a61bf80caa643b077dc7fc10787

SHA256
78996e6ffff1656b85b4b50393b4a9f1133550694f87e66f9c2b937bc7dd2c4e

SHA512
7a2edf730c401e21b69b86528489adf587f4b830ceba0af2834bc7c69937e754c0a3e18ee9a174910391846a94394fc87bf927fb101fe899275bf072c804a519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
27KB

MD5
7222d69fbca9d2c3b5b35d34a9265297

SHA1
c3c833645b8945d6deb3da20b314fee12e959de6

SHA256
61c29b97732c7b66793b3e9e64dae71a59310629cc56d39a1c37c8d6723a6965

SHA512
3a40756ee68e77531217a3d01dd6004297a6bba366eac42b6fd51c2ce969e8afb72651b9819f2447d99db88f0367a2e0b4788971d8fd60b6281393c80ebfafdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
63KB

MD5
e4cc1ece2f2425b10ae2ccc212c1dafc

SHA1
92609e6d0093693110baa23758382889bcb30da6

SHA256
92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809

SHA512
2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
8266eb9d769b0040c61f9107b9233d0d

SHA1
7d84098b0f5a6b1fb73333838e071558086938da

SHA256
389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923

SHA512
82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
20KB

MD5
9708e5224c10eb91f435950128a72070

SHA1
cc66f87dad487f1db80dc78942a7016d26725ae9

SHA256
834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d

SHA512
8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
57KB

MD5
c7499ca185afb8a4b149196d729b7d1a

SHA1
515a63fde84030ddad31b84390f9ab655637705a

SHA256
517f12733d8c3f36f4acf51221bba37f77af472a283b7e65e9c6fa6ec8615ead

SHA512
4737416dae70e637999ec218c38d176ce2571cfe892b704bcb3a68cfe4c0a8a2deea50f9e1cfc2f70da05126d748df73747e19d72f983eb335ddd350068e23e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ccede3da2fbb81d_0

Filesize
54KB

MD5
95fcf2bd2bdf6f81d60de073b6b7afc5

SHA1
dcd4a3b761fff8183e041446567c745d60f689d3

SHA256
10acb58abab30b46a1e3c682a9e78c78502cdf9c9ec23663a61125edf3e613ca

SHA512
806e6fc80e6b161c5747291385495cb49d832f76284ec6616d2aa92d1eb8c45763270683a6db51cd869cb645db6e8cbd9b3ec287689675a4e9cf899325b01b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\18612e061e2f61fc_0

Filesize
14KB

MD5
b81db887efb142a0e2cd50f13a642f95

SHA1
21edb00f96674b95873f969e08ee4f2611c93840

SHA256
deb5b08706ecc00af40b98d00f8ca17e2c0c6ff362ffdf4e38f50220ad872c46

SHA512
cd0e9835634a7754759430532819df1deb63b188e0428b8f49d965173dede0dcccaec2c269ba35c9f500d3aea0c1b4cd4f10b4235ec5a227b25dc1085425724b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\279bfbac38372be9_0

Filesize
23KB

MD5
7c64d98ca6eef2c95ad906adb6ff59aa

SHA1
19e78b7b66da241990778de9b13e5ba23cf47960

SHA256
2224754c35b02e31f1f28846a484b3c400710e7521082220d1b9cb99c882855e

SHA512
8afa1aa7c1320078b8b4361a5464d2044d6dc8fc689ff4a847cf3792c7496d4a2d772289802ba9888308e27222a93d8ce091786b915c8dc44c6e0855995ff201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34a2f1a45bd790f0_0

Filesize
341KB

MD5
02fffc8f04b139066e89556c13d63fee

SHA1
d595da6089f0583ea5f3d5f87549e1661ebeee8a

SHA256
76e516b2986178cd56cb571f89d8e9ab1a6a8ebb6538a73101e50761c238e9f3

SHA512
34cf9e63c3567dcfbb9b9f966928114c1de8281c1ebfe0a56a6ebcbceb7e45618a0d695b06f57b6f72193ef95d3d6c7722c02d7d6ab7fd3a37bd43a7e6e70b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67ecbfefb7c24eae_0

Filesize
267B

MD5
e171cd7a89b8017109272c7872827831

SHA1
d480f6262773d39cb7de911398108b81e8ab2b64

SHA256
3fc8559013e43f5df99cda19c15ca097a0856e74f670487bf9dbc3102b77fdea

SHA512
e86fd9919e1d0d2188df1c882a2667dac7ca06ac1b14d69b63e90c9c0a30d55745917425be311d2e6cd337ee8b439ec216c096c090344d0f12b105abcbd7cedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\880227ac27ebc632_0

Filesize
277B

MD5
46306916d56fdcf127558ff3e3fbc817

SHA1
1dcf97916e97e661b31d9cf84b4f84167d028e75

SHA256
b953b9fc7628d5c5f39985e818385e00452753c72b54ffe2b9e26ae987d6dcf0

SHA512
e14eb696320713dd47c175a3cf1680958561d5f51c93c59f7f71790f6ec3a078a35c3d7dbea7a9eaeb2c02813df741dc1fc915a195bd53419d52754618d978f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89ca2f359dfc54d0_0

Filesize
158KB

MD5
43f2d42476dc47583a93668e9a1e74d4

SHA1
b40b3a98ca950c4b0e543726185d31988d8a88d8

SHA256
cad9074c4bd2b09d7f4ec34d856d44e42b6d4eb648af69f5d2b29c42eaddeb28

SHA512
c20e721c654d5e162e17e78e68850f3c1da53ca4dc7ebab9b2b551ccbddfa9b40a61891c4248ad9066453d4f52a3bb2353eaf5f5e14511fe909da86168c246e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd395aa419a5eeaf_0

Filesize
32KB

MD5
fbc44604b96c09e4f85f0e5f3a732a84

SHA1
e4513abc0bba4025f0c06ea0d88daea19f32c772

SHA256
b258fc0d66ca2b1832493e40987d679e395a63780564b4e9fb449a977d8d80d9

SHA512
bc564dadb1a8be6342c5e27cb55e15461c7119dc1ce4a3d918454313dceab51c25347a57ea322828aca84e7a3c845c2bf164b194b96473eb4ef44384e2f76c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eea0490143687d4bcaf686422b81d247

SHA1
5794cbc68437d606ebacc5882853e78651c0a88b

SHA256
9cc0badc05dfc2864c5d274b51292571d16e4c91113dc395896ea5a1bdcb0550

SHA512
0389d5a3991c585046185164f3271a928951e7760fa3daff5107155c58c949143b13e57f2205f3f576a17af7f3e5f6881b69d866ba18ceff4bfd838770b4070f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b8cf0a79b11907688ca231c3203333f8

SHA1
5b549f15593b725d00546a66e4236d25ad00fabd

SHA256
053b5b0bd6e74d59712f5dcf7bc2eacef228e87efb10ed6b1119dc51d3d25db2

SHA512
d827e592dcedfa5aaecab0749b406d9640bda3615371387887801a80e0a94e8760a181d4f243ff24e80f28a5a7cefbab2e04f5499529bec23159233ad59cb6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fd482a77e15f5c9e2d778c49156ce8d6

SHA1
47f9063202574fd33ed4171376716172106c602a

SHA256
81b5500d94d842c589626838db23020dac492603f2ce32955ade545669aa9862

SHA512
e1233ebb13f4893216e3c7381c94a19b793a92210d2603d173f1893a2b3d69b2ef77333d1e454d75cefd3b6527171da0ea89f57bf9181a1b6aadd47d307a8368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
180e8e8ae24870722e3ab11569529d86

SHA1
5adac83f42ee7297e0ffe73a2a87274d5e9999bb

SHA256
c1c9d265f852a67145a7be5ef6aaa041b540784d5318b4fae26616995bd96c93

SHA512
47d470c7f2bb49c91f96c8ead89cc18ec0f07240c7ce35b319dc66ccc56eda08cdb848e37ed9198a1034fc28f446f5b6f000c0726e32722e6bbf08c991224692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cae279ef5396173b7d9747c0ad907feb

SHA1
12fb4c0a265e7e29658665819f769bb36bbab273

SHA256
28cc71809023461e7e8f5c21d904b98bce5ffa42dfd577de558546c071531172

SHA512
b7fa3888538811933c5053fdada6106f85a5ccf69daf0f263de108b6c0f88702e8508c9030546dcd6395f2e476c66d95bb4583c74409f75a57dd851b60925c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
edeae69bfc065c1e773f38b31ed7e3c5

SHA1
b0a826041a868b030b46967c701b417e26f210e2

SHA256
5eb8cba982cad5dc81b50916fa2f88ac6351eda2d6460932424f25a88a8f09ff

SHA512
91edc6de0e756dc664fa8ee3231e994b5e926550ca07793f069360dbc25e84adc844ce270dede6596e500a9cc2fd801dcfdc1cc5e9722731ea658a44106f6670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
c558e6214d896c93cc3cbf48a8939769

SHA1
dbd0a88d1034f3812d9c05a86ff28dece7924f86

SHA256
50582608b3b8d52ed2109ccb420c44a4e937bb29483152a321464729f9aa8a27

SHA512
65376ccbb78a4457e6befa6b58ed1ff3bfe3c52e8aab40c58a82e924dc4f6938e081fcadcf1c4efb043724ea33f59e963f60a83ad3910e3a79a0cbadcdde0857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
01d94b1f3b37f62422edb51c20822ebf

SHA1
51802200766f961916ecf4c14c4e3d1539deda0d

SHA256
acfa08ae6a7287984afa8442e650f004aea7984c4c1ef55233c56f6fe1118cb1

SHA512
e8144fe224a49d19b1a367052f34e52d5365266fd7be902d2e8c35c6c2dd70dd6381b3f1a80e769675b5f3112698e2c84f61399f1b9fdda0556126143b7612df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
4020f881e687b69229a86bf1b18320fb

SHA1
23bfe9fdd828675c2a8facd6e325ae0195f5716b

SHA256
7577ad38e5b44dec378168506c321b96725c1c79ddaaacd916886fc70eeb7bbd

SHA512
eccf6e7f5efe22984c8cbcc4ad8c0fde6fa17c12a62f409de8f3875e099485ecdaafa27d85a89a062ae4cd78500271bd3e50da6d7058dd5415b96487c8ed5a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
31adad06259e300a39b84cac9dc7416e

SHA1
fadb1c102d771394114edcd4a6b26b7fccf96f9f

SHA256
6b7f42d022cc60878943110d2442db3a1069e448a69952f32cc2801f952ded5b

SHA512
e4b4dad3a357d8f15823a6118c5747e10b2f890f4a417c2d8bbf33e3601264adb890cc2ce422294d8623010c523c85412c3952bbf480d49233d0f6e65dbd5bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
199bdc2df1b110c9ecd76004aa956a64

SHA1
fceadfa314144255b89ee227c42385597efe0b2f

SHA256
9fe3a01881b79b2c34f85d1df519c5878327b7c6797fa98e50593fa7f6fc12d8

SHA512
518ebd4b65238f4af064dc3fd57e04a9cf35cef3645ee45963cbab06f34ecf152137d39a5c428f7ec5a1ecdb74ba1c7391c21ce1f163400727ee9ccd89df897f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a78f67950c56e264b4b2c447fa32eb3b

SHA1
80e919cc3a98ca5d50d2e364aed98a94d6fdeff0

SHA256
4ff7e33f104c74be9b263b98fa4805a176495e1ed27d97b7d058793072f49799

SHA512
f1537f9a3a2e64cd105e7e2ff013b6365093419eaa40f719e94ce70a15db3a71717e7b23abb3beeda41ed6054f0a18ef6b50f290ceadf37668712d4554cf90ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
10b061848d5bca174dd5401269e8a4ae

SHA1
813c422512f64271235337a9f5cdbc14378167d5

SHA256
f7b31aacbb1dd03b48bcf24003f3437c12999f6a5222002b558f6ba89a997c0f

SHA512
71df06b10206b5c4ce718825b4c25da2cee9da7e6604bb745968eb94b2fe6553d8c35dde5910c456f0d14e9f9915428bfdf0dbab3ced7a6512be05c21774f9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
5d777f5f0bb6252966cb023707b1b8e6

SHA1
75683466f1bdf50c50209bf95d7a9d56f252f660

SHA256
b98f7f4d8a242fcec9069d01bc6aceaad0169be07f9165ed369245919052f8fb

SHA512
62681adbb32e08f95dacd56ab89441c9416c120d70c0bb260993bd85604a33949cecf5f016eec6010e280c67cd483712d279a458fa5ae575ceb50bb085622124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
a6b1cc591e2da3507e4dd254ceeb6713

SHA1
ec25481a8a86e1c2df016137387c7ddc37efdb52

SHA256
4c319e542c186b0e860d9ff17f68c14fa69fef91fb2f231ec30c919dd3e58f4f

SHA512
1c2c1ff08f03a203c6d0a48346c3449cded483e4e26fa6604c42140f0681dcb764ebe1a9b738a66fa7298548c3d9c94c08b7195f312a3bc006d88e9dec8139bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f2a3b69b49d6af3d3b74d489435e16a8

SHA1
3bbea5548e37be53aac632fa8b9efbf064a721c0

SHA256
d1eb3d77452f507eb07e889718f209f9ef6a5b6d8e8b335413553bfad1a2adf4

SHA512
6314a12a1c594826d1b9a76a9015055beb7392b5cfbe0731cc6c475ac8ce0b0589129cc98e3a8f03d9e8908272bd43237084c4ef65c929e189b4c0166f00ae8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
b6cd0a5ccb41bb93002e5da98d30b982

SHA1
9cd398085ed6130dca84d13571485f95941e9fb6

SHA256
2a715d20a26e8117366ff27768e87ad26ba14998a65491f3c92d0702f8168dba

SHA512
17b240d4134880448a451ff671ff1eaaa895d092d0f76d2433e66c912b92508d2d6cd430e9ec0724ce72be5331431369c28012abedc98cec375d3c8a58630f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e776e95674301d1931c8e40a31f10b52

SHA1
ce493aca9a4e78587e7d7f66dce61102568ea5fa

SHA256
95941a2d4f503fbee6ec762e7844b382603a1028b8b2d3aeb8996112b668559f

SHA512
26686a511c58a92ba57c96cd38302d8d28f54ea191f8e5f5d2b65b2fd56b9914d5dfb37508ef1c38bcf7a838a757535409188fa50514950000c7d21ef482cdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0c3c3f319a1a33145e62932d1d4e3ec5

SHA1
4131aea985efe590f3d356093353aa3f3dde80a8

SHA256
6debf70a218c0e29ff7bee83e00dc9f669c6afc6c3f4fc0b74a9a16c58a2dec6

SHA512
334da1086a4da1063a7b7da9735ff1d5dde1683718000fe303dd7f698ee803d0c2881acdb5f54b812f7bcabef75517b0e0909146eae844441e55554b84ea3d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
0ed2b4ae296765da3ed90ba9ea17e72c

SHA1
ab80144c74d087def627d1f60f5a1a5dc7fa3f90

SHA256
a65cfb6cb86fb8b3c4e45b4d2c304ce266fc5053158ab4d2f80b18b14201c183

SHA512
b33cdd7b1a9673cc753241bc83676e9f944a98ae1a946fdb6af3b3aab2ca60ff9cf6bbfb0c16b951549393b1c7d625a3f0eba4a9f359136b8928d6657a6219e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
070142355a329bec67d0181bbd7e3be0

SHA1
197fab1f7e535faff8203a9aded9a562a4be357e

SHA256
82da5079e7dd0491b7893791bd41db3508bdeed9f1f7f26408494685d7af9544

SHA512
59ae0308d35b7d566c28a16646a3e4d5c8918a1fbf8bd1229914663560051aa909c1603bfd930e3452e2164877a5c0c3cd772a58676bbe54e81c2afd39a6f8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
109784c05ccc0235d2dfb637d92596e3

SHA1
03b253e7e2f3c92bede824841351e2b81118b28e

SHA256
c07a13d38a5ce47546242011fa8a9f8ec05d93ea798f51a8d441464c6590fb76

SHA512
ad0696eeef0d5c807a030629bfcf4e76c974c1f8b89c00c2da570509c70862e566be24f2c5ac17ba04ea2c47708b9bf88e529e0bfa0e8baa7d8d91c6a02bbb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594750.TMP

Filesize
48B

MD5
73fe94e1e504953420e72d613bbc3e29

SHA1
0444afa1922ad2eae81e61da2f240218a4e3e2f9

SHA256
198a2174c7ea0f3cfbb0f696eeea2492e84a717a34dd730b7cb2fd9291ad6970

SHA512
2e8f770ad01c6716a889cebc138508e1808974697c376800e4b14e86554f549ac7e975846d2fa95005218e34705a143330ad997ff362570ba3e20e51d845ede7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
4d28e84b7ddb7e016d95caf475b3ec9a

SHA1
035f3522ee473ecbd846dfdb01f00166f2aa0bf1

SHA256
5399cbb17b215e7f50585bc42a4920df03807340d0cd52b9f4cb17da1a088289

SHA512
ba91c8671d7688ec7fca3118ccb59dc380bf664d7b30448ec047bcae586fcf8a8fb31580cce12a4f35e8c97daf9455f808396f2a4ad31012319612f1a2fd400c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
690da56e93eb0db144b384afb180c100

SHA1
637410a7cd78b857e37d1268730859f47559734f

SHA256
8b8af33d2495cf4879b6471f03ba43b3cbec36677c9f73ff2132a4ebe6eab0c9

SHA512
cffe3de3cf49636ba7e35dc9aec4aa8be8eff296dca651d0162b70f564b3f5caa9a08dd4ccdca10cad0c3d5c746caa9e8388caf8ac6c670467519372b6c8df66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
5d64e9c860c80553e7163922abad2342

SHA1
d36fd33036a8b2a10a6fae115c2e55dae55c6a23

SHA256
5a26e314ac6873f00706992454e3611179dac8cd37e3f924eea67ad31f45f6ec

SHA512
48f779c5e1fa30dd464bc62647065555b52ebee98e74503caae59960bcf5f03a940a7f3cdc6abdf006e5db2042f847f44becdb00d8361c84184ea73deae48538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2ed75b66353aa1af8a3df4d51fe96c35

SHA1
5f3aa658ade78a76de16d7dd9ea36b565ff67c4f

SHA256
bee7de8d075ad80b0b2e611f522530998e91d50d67ddc0b62259527f608f1582

SHA512
e5d86ecf47f356a740ac42eba7b2c3014eaf5104121bf3f0b2b045e714f492103bf8155d07510eb61847fbf543799a4b82481f0622530c8e6e3da525db74c60c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0aba32035cf9ab8f3427c086f44b01a8

SHA1
413734936dae6a7ce7d75b065bd80330484a8e3f

SHA256
78775480228cfd3ffcdbfa32b046c3f46930d1026034a5889f45938585c9c357

SHA512
b75aaf54df033a8312f46b3d765b79e34a102bfd51a65f08f3195dfead753e2ebd9ef860e2b4032db1fdc5a462d2e964e2e7488b2a4b7022488601e4e6da7fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
f441bb98e364287e331466fdffe55a24

SHA1
a3d1ac4a43138e9764f0bfa10110dbfc03a45360

SHA256
5e2b4a42352bd13b91c63b2c958f2b98ea4c3beff9e06133ecb0ec4ba0f8e71c

SHA512
11173c37587ca01b8327a7b7929918513aecc21cede73414c833a509342efc661b8f2555e3e70d591fb94144e25aef8e0b11086a3e26edd3db7613f6224e77cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9ddf9e1b29e2a77b15f7617b16d28080

SHA1
c1447a701e9363bd4072abdaa6101c79ff1468bf

SHA256
bdf6e5a0f42f0982085152a0e64e9a15b2f6037036f6e26d175ef6561cad8064

SHA512
b8e3e556b01b4fef7fee938bd9e2949f76f03e83380222f7eba10b3f0d8a51a755b3968301a4510963c6a7ca6518f83aadc80decd4454e8fe3acbac36a635724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
05bc10a6da61a3c7dfa4a2d3b18ce2d4

SHA1
c974e9635d497a7aa2ccf0d785bdedab51aa8637

SHA256
66206447d9ee0f151b923c8e564cdda8f05af4e2841dcb82a0fdad42afcd1499

SHA512
2897e5e3d339d0c6c3be9cd466e17a711c2e2b549236473d15566cf205b0e61eab104d47da2c009ade8ebb180e6809681046e6b339ee0f5635690e02d9ff7009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ef82b687f2793a3dbed0d58756264b20

SHA1
32f2dbea48184549df6931cea0957ebb397a9f9c

SHA256
52acf875c23e0811125c4c0717bc385177cf3e593f73c148fd2a099743f2aff0

SHA512
ab5fe03f1f4e1a4cc1cff87f680a165278df157d11570edbf36ccddb6cbcefdd293cb415b68c78194933ed1f5ef7d3594f63e6e6825593139c13b1eb13d69f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
628b6e5d5f33952c967498e5d8bd8f93

SHA1
cb841f9ad4fc86a5315664faf097e5a8a5f657c6

SHA256
d52d16fbddc4f9a89e90d5c956b126db4f786f6ef9d7a1bac9b0a3374def0068

SHA512
2078f25bd98edb1f2aee0e670bd31ccdaf2127b305b57ccc908e92286287d18a086e06776c76dbd6994cebba5a6ae0d061dec563da5662b71b642a64e9380a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
30404d80feab2d50805cbd038986c94a

SHA1
d969227e94cd2752df40b2c0ec5f7acd7ec7c16e

SHA256
aac243c238646990a83385d5172f3d0e43f95144ad1b3d6994bd09208a73f7af

SHA512
de6d041a9645d66ff677db51c1a8a13a4722262d01613244d03e40b3fcd83d60998fa1fb73b474ee1ba4a3e7a03c5b2b30ea80df0dfdb162120f5ae9604aa9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57edcb.TMP

Filesize
4KB

MD5
c0ae02d2760ad2b54344a8afece6d960

SHA1
f1e23a87f5794c7824cd703d855efb791ff0ce1d

SHA256
3643e72939367bbc93ce6c2f64459acdb42163bfddff627228c76d57db191aad

SHA512
7e7cc7aae65d994a1c86abab812751445f7d8a3c9da4f45a533176b0d853bddf4a5ac740f2e061636830187106c498f7839ec2c8dfdff4bd6cca99ef3b833ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d358c5a5c1509068cad2c3d5b8fde25

SHA1
651b410320fed73d55b705509b70d8e3fc06c0b2

SHA256
b676dfbfd19f41f07345f00ca16bd8b06b92c097ecc1ad966c0ce45eabefade6

SHA512
fac0fa9ea19fcda8506b52dc324ad3dbd74dffad03c1b46531f99bda2b90f6c139c5614abef1e917fc7a8d6ad1b699bdfbfa982767ab50bfd796db9959d0cc4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e90af7d49e4d0ef99ffd332876c78041

SHA1
3d27193a01129e606d22010b9431ceb882428a1e

SHA256
1f8e1d27cd3f706e444489b89ea7aab4846ac64d7966d3a29e107d5b4b26daa6

SHA512
6995d201d1ce2f18896266799a8cdf6b8b59cd659d97c34baddb9d739a6771aed1a1ba4e6c32fd3b5e33ad0354b579b1a080535f0982bad088ee0e57f3a3f8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
109d5248a816de6f09318edc89f1c1da

SHA1
5f69ae2357b58a82a7484e2a334f28c785ed9786

SHA256
0bd642a1e042ad399317da8acb2a1a9fb4002eca733d5c42ba498239a4ad4f63

SHA512
a00ffd09ddc2e88dcbbaf10cfd5c7319bb80a112f830d8efd90c31e219aeddb67e9b1e810dae39bb4f2226153d7e9a386ac6d2cef51adb5e6692fce34a1874d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
150e5abfa1a7b11c76565ec7d01c9d73

SHA1
4aa17db841ed11f53bece5fc7904e1c5c85d6a38

SHA256
80e8ea7939889115439c76cc47e0fc804e74838ad526d7900f4749cfa3954e88

SHA512
cdd5c70d012cb597ff843c7af4073ba6b9f9b550799d149b0865fb8c4759590feeede6bc55e0f0c41f3b84c50fc1171c1bdd7d33924a248c964291283b8b1da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
807276a3d165d49089e28d84e64fb3ca

SHA1
f78981d235f254b88be744c39d846dd170650c99

SHA256
80006f72a1e78d8f3aa77a6810aa77190a74a2429cc7a77b0cd7d61a63b9aa91

SHA512
496015d55e328bab33f78c60f8eeebf5c66075e22b0c9954a5ab92c462c59e669045f680bab41dc826230870070097939c391b25a0bd8e8d0d9cdef682e07e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c3707656cf0f7afa1b13beffd1bf3f5e

SHA1
2bf0525f9c2e02658d6dc0ceb75c02f006188451

SHA256
73d50903380a3a94d00dcf59b64aaf03e8268b1b4fb3a39db7470d16184ecb19

SHA512
5de5fbd200131da511525955243034a0f914528a04b5267b1574690c8e6c1e97a5072f88afeb161ba48adf8fe108521c0584f3edf8d6632fc6096ea6c88d0418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GENTSNHI\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\38052955-9a81-41f2-8b31-149764ebc72f.tmp

Filesize
169B

MD5
d6384e59d4e2313afff014b9aba2f819

SHA1
2e0e1d97fa3a06ec9c12ef81b70e3a2a23fad967

SHA256
b43992cba58ce16db9ab6ce655fccdd79655ecf9f466b4408f008e5c42dde382

SHA512
7d99be6459dc5350f6e4efde6e667040a47e79c5f51fc0c4de1c357da41e8f8d1bce596f27af97e22ea8e61d3fc42f0012576ac6072f8cb08b8ce2f54e21e9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\670e0c9d-c28a-441f-9327-0e5b73f0eddf.tmp

Filesize
856KB

MD5
04398d23bf4733785de3a5ca05ad80c5

SHA1
72b193836a47aa3f0b7182de92a6a3f6f862131e

SHA256
a89ea036242d4e3345ad54ea9bcdb5c73ee5b78fa320996398bab4ae46cb578e

SHA512
1e7ba8e738c16af9267e7f9da427c23f2159214839d6e59bff66228375e9c7aea0f86c1ebd352cae248fd8508f762c1e81dd680e27cf7c1b5bd8084ab383148a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6b495aa3-4039-4b27-afc8-7abfc6ca2abb.tmp

Filesize
59KB

MD5
7361d437f5f0152896832358e4941350

SHA1
918b3e9825ceb47f873267918877de97de71be8c

SHA256
11c5652a64869d8146a56f83f7b431d72c40a8dee538b78291408347a8f504d3

SHA512
45435876b782ef718a10edb14263d16a56e60d8da8843c164baa59713717ab1ef96bf10cffbb206da24b0ebf186f0228dde3804c6b9c586848dccdcd9ba6cfc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-41D3EC05\RobloxPlayerLauncher.exe

Filesize
5.9MB

MD5
2eaaec627d05c9a36db0a75f68c21272

SHA1
9c123e54b8fed65b0c768c1e248a3ae78964f625

SHA256
18eaeff48f24edc79f4b81a3d5d74644ba8e57653c3ce0a30bc15df917964452

SHA512
cddd4bf4c19dfaf39e97b65ffb20094210e53aee9d48a6785e104d8d71de39ee8d9faac247100f5c867edc65294df546082de692ae7fb00a89c711e63cd36d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe

Filesize
797KB

MD5
d083a07a3dca2d0ea5ddb0e959fb8ff4

SHA1
86f3f43729db553d45b728b1409b73d3de5a5915

SHA256
05e1c6babb787f24d8a60f8ded2c216c9bc2956970d75073a71139fe168a122f

SHA512
d16259a1fcb29def140e9e1768b99d973b434c97bf7b09bd0d223143a622ee720d2531a84dd4edf082300fb5f4f00812e418c0131b196375821e612bf34f7aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3d4b05a-e1b5-4141-8384-7b8007c1b6c3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
c624e7c590875504eb4e054b19471437

SHA1
d9de9086ad459eaf4a41be88d56dc5560f94fb1a

SHA256
85727851ddc43b6e4e4c9dab1cda096d961ed23eefb33ee8a62a1df16d823401

SHA512
8c91eff24352ab7b4b770c84e375cb95ecdac3412f77c33d375726e7f07f7e182a0cf2eb8d20a4345ae3e847ca2505d925286adcf165434974139b9b03943513

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc2CCF.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc2CCF.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc2CCF.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc2CCF.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg1B65.tmp\SimpleSC.dll

Filesize
1.1MB

MD5
7b89329c6d8693fb2f6a4330100490a0

SHA1
851b605cdc1c390c4244db56659b6b9aa8abd22c

SHA256
1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d

SHA512
ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg1B65.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7320.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmC3DF.tmp\Banner.dll

Filesize
4KB

MD5
a1b9bdee9fc87d11676605bd79037646

SHA1
8d6879f63048eb93b9657d0b78f534869d1fff64

SHA256
39e3108e0a4ccfb9fe4d8caf4fb40baa39bdd797f3a4c1fa886086226e00f465

SHA512
cd65d18eca885807c7c810286cebef75555d13889a4847bb30dc1a08d8948893899cc411728097641a8c07a8dcc59e1c1efa0e860e93dada871d5b7acc61b1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmC3DF.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir11584_346259688\4070d2e9-8e15-43da-8083-747bd3ea4334.tmp

Filesize
367KB

MD5
227dad1c3961f500d7e78a25d35bcf96

SHA1
eb673ae6aaea185de8e16556a1c6aea9fdf87e66

SHA256
578b9fbaad6fe9b6a448938046ff6c4cb938a2777c255f14767db76263597256

SHA512
951b80dca58ebfd38dbd0be90e53253a01d390926398c9305c88954da0088ca1542290c883cbca3987be2820770d66e96cc1f1046c553b5a77c0ddcd6f9828f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir11584_346259688\CRX_INSTALL\lib\content.js

Filesize
846B

MD5
d34d8af3d1e617ae23ae8182548892d2

SHA1
aae7cc51d9d8e6a3e43e128cc09dd866f45479da

SHA256
ad9d9885d4906a93459a53c11c47c070f80a4041abad4a1d28302a69014ad86f

SHA512
725e3d11b846709882cc969f1402382b49aadce36d65348c628cf427d31db80a2a98d74b49fa85c8f879a29f1f5b235b196687f6911eec0a7f121000e282c6c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir11584_927061665\CRX_INSTALL\images\icon24.png

Filesize
530B

MD5
449c951f5c00fb23cad7eb88ab2e16fe

SHA1
604d8ada542c1cd33ec0eb4c5fb6e9aa31474a69

SHA256
4f10ba59d9eddd0d5f5a6bdd45df96f781bd30c1ba3c4ff32f6da1e0442b931f

SHA512
77617763f80e5dc595d03122dff9404ad4c82ecd41d437d8d6c4f42a0ab79eb4daed77ec7989e65a433d413b3b7ac7e0edcff79d2b37a7707312a3a602c43e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir11584_927061665\a57dcbf2-9601-4444-aa6e-bfb3ad3335bb.tmp

Filesize
561KB

MD5
487cd1204007401af40da9f7e9e4bffd

SHA1
5a98eda5c38e3b036929fe5ccb0455ada0a84b9d

SHA256
32bc3294e802dbbfa1d63f958bb21b3b883b1e263a720dce8c699252bc61812b

SHA512
f240afc41266c30b339f816bbea429fc1fa3390f08d900bc367420f84fe741334c81613410876ce214430b1ea8a2dc37f494faedbcda6c58a2d453ea88bc3765

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5972_1220339726\Sync Data\LevelDB\LOG.old

Filesize
323B

MD5
8fc4d39ac1b3f2f1e0febc1fe696c4ba

SHA1
86b66ccfbcc194ee8b378c9fd7c6a71e6ef42897

SHA256
7c11c2ce65c39d27690c5d98a686e28edd7cd1e7861c05e9f416f9b07ee6147f

SHA512
5d273e4f8b1464ee58b470258b80a8bc37cc50d32473699744b665e9c91a56346725ee3a5e4cea4712fde2ce198da0e4563369dad518fc66e731a84a61adb3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1324857468\CRX_INSTALL\css\fb.css

Filesize
40B

MD5
c862cbbc1b82064465f98482ef73948b

SHA1
0e49a12b9d1fd903e0c44cfe9c9db0ae7a5b50fc

SHA256
988dfba4289e28ef42d0ce93bae58926ae7a9528de7bdf97898d1c2cd2f2016c

SHA512
12befd2966f25464dd21377d89b5d3c9b8fd9abaa8f257fe88bd1d80759fc5375439e6160f99dff7ec7a61135d9616992b611b63d1a6e094fe2eb29e23420559

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1324857468\CRX_INSTALL\js\cs\fb.js

Filesize
3KB

MD5
35a10dd7924dc7a4205fb3807812896b

SHA1
53583f9a14b35a9529614f7cb8c2f26a3a2a31a4

SHA256
43cdb582f3881db7584ba1cab29ca88c74bf51819033ea88a02b0614e398ee8d

SHA512
a7220a4c8cf583c334d78c108b7da9402a79eb2c57c428c5f740f8b2c6c19ac1c761da8d57074f2b9cfb063da84410f6558a8b61f978d536d9ac48428448a681

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1324857468\CRX_INSTALL\js\cs\lp.js

Filesize
3KB

MD5
b6ddadfa381c9d9297812d2dca3d92bc

SHA1
9f83febb785d4c87730164f7cf020d036e0e11f2

SHA256
6b2d97ac7dff812bbb826852feb506a4a300b7876fd6985e6b8a16ad710efe89

SHA512
d89a308fc1b9b6ba055e88ac91a830169547c8aea734a773762767fe4c6a76033a8d3f20b8e82c094239d25c8e2f17e4c9b1bcd083d294db368aa28f2cfe85f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1324857468\CRX_INSTALL\js\cs\native.js

Filesize
1KB

MD5
8307716154566dd5d4b7f87f7e536824

SHA1
5b746f1c97a036b190d4cf1db76760902ae1ed87

SHA256
a7e44db42aa52a276edb6a2dea7dae1a8d1f683ae67d0179b5930271e3138d12

SHA512
8dcd2e9dea6c147a4c9578b42fd1613a55e790d3a6ddf98809f123cb06270784b0c0e3ae27bf2957e6066fd8bd831cc09777270e2bb8f6f7c144721f95e3c5fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1324857468\CRX_INSTALL\js\cs\yt.js

Filesize
1KB

MD5
8e84151e901f61a135d941979efd8ff9

SHA1
52841c4272dc039438ce59943489367d1f2e4482

SHA256
738e199707a5027486e17e9bfbd50a1dd295d2d6d5c48ccac17fecaec91b70a1

SHA512
c2e2c027d3655bd549ec59d75cbe307c8e6b66838c72949b965ce2c7ac3c730ffb873a948cc055f6727964cf048d403262e8262c6c6559410ae682e2963c013e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1522147398\ef3d3ec0-9c6f-4196-935e-9f574a5a5fb8.tmp

Filesize
1.2MB

MD5
7a3bc6142be9b7c9664464759974c08b

SHA1
7055fe5cf3e31a24687c3fcbc06394eaf097c6ae

SHA256
446839b455f486943d42e46c8230b6b00d59943de94449fc418ee626aba4dbef

SHA512
c881916068cfbd73425e1a6662d1049f02b8f1ed34b8546a9555d43b2b05ac3507e94f996435123a7694a2f2ddc4ef9f97d839b9a9584ae3ebca37f1b45d63cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_1582238866\CRX_INSTALL\assets\index.ts-loader-12fff2f5.js

Filesize
341B

MD5
3db80d2844748cb8365541c6c260ae47

SHA1
f26ea3d817c75932e73fb361eb87c34d2b74c731

SHA256
12fff2f5f6d8ec89484ecb1b6337f693745c56c4b4f1d2b81774c532d21f9450

SHA512
0b9266ed937bb441f76dff6757861a24c963f95cdeaae304f396edc093e088824021f92471f60b68f4bf135896dfb4dac9105e295572d2cdf85d629ea9c5b67e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir7004_93355315\CRX_INSTALL\_locales\en\messages.json

Filesize
162B

MD5
bf28ef9468e4e1cbc5f3e055adfa69e5

SHA1
d5cff2ec3851f3fff649d688919f9f4f8511420e

SHA256
0e86dc475bac19122a3134a18cf8af26b83831df3346bcf5093739ca2891b4b3

SHA512
7b37e27f56b8ef1aeec6f25bbe7336ad0bec837af4390e47932adc67c9ed873c6b7cb5d643b39d0b6f383d79c7ee0ab8aa39e70f894ce8f2b90a884d1325c3f5

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
322dece2878cb4559116a12196fac8d4

SHA1
164ccf51792d7468a0e0ced109f10deaccab0236

SHA256
0008a93520d469e68681a3970e1793f6f81545b89e0b9d8e6c777e5ebd6f3b7e

SHA512
6203de23486269fb792ed075f772bdc021c1cbef3437c4f974b3bd62794455a894bf856a07f9c5f42c33bcfdc72d2199928976337c48a0ebe224a0cacb982662

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\3aef3c17-7c41-4347-bbb4-c489cb63ba5a.tmp

Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
27KB

MD5
d44b00eaf066eb7050989509fd4e36c7

SHA1
f9c5a6144aefdc63afdadfdfba432a7f2921aa72

SHA256
81d81f58eace71c343daf95f8a2756fa914556bcad33ca241c127c4ae68c215f

SHA512
99f9f4b102f6eb4c6ff8868fc598c536397d247de9764a67548739662ae302ea79cc2f730d63b8ff40c8c285b2c9783bba96e37c72d9922623fae83219d6694d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_000047

Filesize
62KB

MD5
c610514e5756020cfb3c727b77b2c83e

SHA1
4083cc96db7af4deac95b32329baa78b7a584f49

SHA256
0148f8f91e2ef35d38ba66c9e01f3deeab27bfedcddc77cd782908c401ac9ca8

SHA512
039625607b59612a9eefa3bd00a07be62cb531aa201d1413da190ecc9ff33e35a8c7a4d095615dc3d08856de1c0ff6c4e080bee8b7ca53174f78d349a2fc6572

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_000048

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_000057

Filesize
23KB

MD5
c2935832073d69b70a3369efbd1490c1

SHA1
9c008bc89c0b6d50c89c6246e2061b58a9242f19

SHA256
aece29ef481c87f8fa1b6f0042637f0a8d721e0805004df23c13a96c3f1a214d

SHA512
e1f0e4b05f92e44beb4e7b3a39a113836cd1b8064658c41ae24a2d0f43df61334d0f4659fc48152c426cd1cbebccb6372328d440867e11fe4a047a2d3ac9b5f7

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\3f45d120ea7e2924_0

Filesize
237B

MD5
a7e4dc5982fdc8e4969cfeb65b6e28e8

SHA1
3f9db5c61b703c51237a52ac8eefe613546b58d0

SHA256
39f778dd1c6953f99472bae0214c8e91bd9c04554f17e3bf1be730a556aece0b

SHA512
1e572a4abad524e77b6f9189f598214a94bc5af3a9960967e642708ccb8e31128fd8ba9bbb631a61105f90ecf8bfab258436506da84f2793e5475def39d750ae

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\bc1edcae1ba2d708_0

Filesize
229B

MD5
ee425461f77f9a198b23d36e120880bd

SHA1
7f7a576d6f01cba2163654a3ead3240e8b8d45ae

SHA256
de0bf06b07ff745d48e256def8d025bbe33a2286a5507e921b29933bfea2821f

SHA512
f6ace82ae514bd3f87d40ef171f3da83666423a1f2379dbd428d30f9f1aad46cfd1b54150a96ee4e22e69c7a31f0f74d3afd79071ece0e398c3941cc88113fb2

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
69e5ac955d0b2edba24bfdcac11b2d58

SHA1
2d93dcfa10571464be108acc7184437f9911d62f

SHA256
df86c81f3636861266cbd8666f1686f9cb2bbadd8dd1f71d24b6f23c66c1d049

SHA512
621a303001089c28f5e3a40e2daa1bf5b8b5f098dc8a1b76864bd9a45392555c02d91799de6d33bc065352893eccce642eff2533ad1262edeb130cf6f4fe2316

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
90138167a588a46f109792611fc741ac

SHA1
a43a4edf7f96b25b71838d7bd4a03eb076ddd57b

SHA256
d478519da140baf18ec2dec6d89d31466d80565ecd61388a6a76c9cc120911ff

SHA512
1b6c157f368e8bf6e87a94b92e69828d99484e2c41f96767d5c0a6c6061953d559c8ab13fd681143ca0ca523e1809b83504f564816b9ff5e4a3a3da24574260b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59868b.TMP

Filesize
48B

MD5
7754e0dd4549655fd277c6d1599b4b02

SHA1
40ae10997378f5151da99afd1bbbd05af5052624

SHA256
f1aa395f0b88d95d4c54f2fbcd8ee511bec77fb26df8a02099e562ea07de8b77

SHA512
3c203ad7d1bff68c58ecb9c7d063679051377e9b7088db8b0b16c5b61066284d26302e096fd76d1c1d69803b62f0437ed8cdeaed26e273893100185976deb4cd

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\assets\index.ts-68082f05.js

Filesize
53KB

MD5
4b1999e443b36d6b3fbd8b0655fbd9c4

SHA1
9ce799c09220d286590d98f025b2b1e254d1a4f6

SHA256
ce01cce8b0b3614b1655f40f28c7a39f9532ca9e94c3fad05021940ff8b9a0ca

SHA512
7d260afb87d8bd2e8d104d49094fd681a3c6f39fe455be0d2445901c2e0d224a1a2416bfe3f0c4e3417760ad4d530be26abea2f9c07f80fe047b847efed91a77

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\assets\index.ts-ae5ba517.js

Filesize
15KB

MD5
50bcf1fd951bbe65d3e9ceda508d29aa

SHA1
5812417e49b521dfc2623434dad97380b6c5d1a6

SHA256
861428d94816c77a78e1ba0ab7e0c460c0716d3725b9988e96eec719ed9c73a1

SHA512
12dd93b2a22fe1646b060ea5912e56b987ceaced3f836e46b1b6b3296c8f76d2927dbb25b6c76fef9e084fca0d2afd01a33e92319bb916fe8f03b3c461be5234

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\assets\messages-86fb7e29.js

Filesize
21KB

MD5
6d62c5de88a2381b5627e0d2df7b9a30

SHA1
08c76dfb73e09780b0b3f98e5da414494904417e

SHA256
068f97ff81dc092e4d201f575a2d330a0f5830e847edc6e0e80f8a97684ba75f

SHA512
a193d284bc5c017353e8ce1a51f2449e2e58f0f35fbfbe8173f812bfaa91840f2cdede70897c64d271601f8836ef4f694dc099c2271c18b448b9892e5043e291

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
cfd55d89aedcb24f5dc14662daea26de

SHA1
0eccccf18b2da8a23a34f983641c7c28f2ef5864

SHA256
b027e1e1bf93d33f4aaf3d61f7a5a6b34a48134be16f1defef2dc5349e2e8800

SHA512
9cbadad89a57705a74a0d96055437a394ebca0752adbc1d1c56f8f8878f0594b65bf7c8826cbb8a48fafc2ff976152a79ed1b82776c83c3f54b0e5de11d3fbe3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\service-worker-loader.js

Filesize
40B

MD5
34679a8029e867292c60d4a37a5c597e

SHA1
994e855eec5b6ded3e365ce828f8646c6b6f7ee3

SHA256
a04c0b004f15f9058d16dee395025cf6f054fa33751242707fac789d4536d814

SHA512
03734f81215043de34aa60a7d685114542d8cedb3be763d5292feb164fdb8b521f89d1641235da2d82a64da5278a30598cb7fb8fa3d9a87d026b572fc9f17482

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\src\assets\icons\icon-128.png

Filesize
3KB

MD5
af719a0c95789b088fe4b9f82dd5ee98

SHA1
cca49d2a728cd456b450cfcc20f91acf781c3105

SHA256
5b861963c613fca1dc4aac9a416e43b2165b05a4277478f74b7f6562a378ff5f

SHA512
4a6f77684b3bc459897ab2709754849868bac64f4e099c1e74970339c944738278454d6c043ee8a2a0337e9891e7e7126bfc41e6fb0f5fac544b978ae36f5082

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\src\assets\icons\icon-16.png

Filesize
425B

MD5
46c4711e8452178b9c2471f9c59c2667

SHA1
e020f7ba4a787f840d204525e8eeb21d0c21e2be

SHA256
4e1aed06fc4105c64aabe9580069d0cdeec3464a693241e7c02771e1beda860f

SHA512
42f2161205f28003aff9ea4a8bb33a0a0ebbdbb9bb5e9446efbca4f000a4315b2bf7184d79254c148da40597cc15bf8f22a02a3da78cf5c9026ae35e4bd695bd

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\src\assets\icons\icon-32.png

Filesize
764B

MD5
9caefef512720012470700a11b0bd456

SHA1
bfc11bafa996fbbce1566a569a79d5d72b08f1e5

SHA256
82c0a843e1df5cc10a8c6beabee8416281aa89c73798d7bb6a2cf4a237a24ae0

SHA512
3bb42b23babd54cb902e595b84a398ad5b2c9bd2e4bd4951a8b0cdfdbf91f6d0e04bb1fa944c54d673babdbcf0400c1947d0e12fba8057c3f69ab1e61b89aea1

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\src\assets\icons\icon-48.png

Filesize
1KB

MD5
2184400582c25500a74577359a1f7e7b

SHA1
e69eecf84f7d2d98bf236edbcfc143fa42d01bc3

SHA256
c6c3593c7d0af5c9a7f2e26b98ef2629e392c5da87df80653d94ebe412d5c9c0

SHA512
24858ebec11fc0bb586eb2d6f555f5e798ec9708ad89b0a94957a1537dc150a584b70865d7fed53d3f122789812d390eb6af6b68ff4cd93296b2b0e5a21b103f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir7004_1407258268\CRX_INSTALL\src\assets\images\adblocker-bg-1.png

Filesize
16KB

MD5
404ead15b3040c2a16cada6a18088aab

SHA1
57d6d1b3d601532d1825c738ee51d0971f137af8

SHA256
bd474396ecae2864798b9b33062afe3b599dc834db30b6a2f4cff0d0cbb9f9b8

SHA512
12173b41f487987aceac82c13f63b1318107c48d6803dc1f89053245c1c08d092761399ab397da44f0ccca5d9ee3c79ab98081cbdb25a78ab5b97f0b52a4f784

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\dkfaejedefgggmibkkddljhbafdcdgjn\1.0.6_0\dist\contentScripts\style.css

Filesize
38KB

MD5
a2de90a2190cef036f2c6df8ab8f00e4

SHA1
d2c76852071c134e386b54d0163640233e8b854a

SHA256
8bb83055b42d5b706abb9b10afa55c189f2e451acc976c78430c3d91f555c817

SHA512
761d49c55530694df775138dd078c5b7ac91ad2ff561d00df824bb70ec7d63b6e886ff75e195eac6277c535511618bc2c034e2db7693329886b4b87696f7dce3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json

Filesize
7KB

MD5
a192304f63ef26c80086f835cc4b7ada

SHA1
6963e90e752209132b728a938844c4c64dc94d43

SHA256
4f72309f9378f04b3f1cb8f46b031ff513ac63e5056d96272f2bdc6d39dcddf9

SHA512
be619909cd0c3465966a4018847310c1493bfdecad6f07bb28293f3dcea73dc377f5d52cca040d626368e17828eae28384fe51d20c4a71925c5f31eea8e18561

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon.png

Filesize
2KB

MD5
fd727c2aaa8b364faab1828aae2250fc

SHA1
bca5b2548b009ccd0b2f79c09fd628fb3119231e

SHA256
1a32dcbadab7c91a690879b5425f6815c07dda1aadb6f6a7942b9e895cdecd0f

SHA512
7d21b3133beea16a8713ab8a87ac7b84d8b2a312e4f017a9988e970f7281b9c41dec3f909d5483bba387e5ede366e80c210da93a78ed72b108f65934eef07c15

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon_a.png

Filesize
2KB

MD5
c05285aad074c0872dd78908176b1052

SHA1
b8a5926d153dfbc503a38a749baf9099903c289f

SHA256
9a4a7e0c2969562d5d1299f80317d4560265b4a843cf17491c7d36fa74a91cc1

SHA512
6006b22ff83d0afdc346179a4c2dbbf927efcc62fcf9105fb45efd768bdba62af5839c3efb21e2555e0090639ab2dca76397d294b51db0dca768def53ce00a1a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_dnpmpbbfdefapbnfffohgcejpogkbjbp_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\000003.log

Filesize
26KB

MD5
841708bd7de994760870e0c1d99eabee

SHA1
5c23fb507a0f203bc27a4a15b3cb438e1bf020f7

SHA256
5b06c6a232174836addd04b5543f60a9fb492d589ee9e4d774735675fe0e1ae4

SHA512
3be982535aee1096f8e96be529554867af10b97410dc20928c4ff3cc32385f534f1175f7dbc2928b5e8c2644d92cb57a860203c9036bfdfdb9232da0ae75a83d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG.old

Filesize
444B

MD5
5c3516ab1cec43726d181d5f18a93f59

SHA1
b6248e7e481e6dbd056e64b84f6bad9ed34e86bc

SHA256
67c694d8badadd183a2151408f7bf8c74ece7b6235f8938297bacbe7501f79f4

SHA512
81b965f4b49976b94ab22501ec3287c107ab73fdd131e1ecc3b2b926ae4de6291b8948f895eaf70c8724d3bdd2b0223d73010ad0e3d270ffdfa63dd62f27b8e1

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\LOG.old~RFe5b0de7.TMP

Filesize
403B

MD5
890dcc576ea5fa37d2ea7998bfa085a8

SHA1
aec303abd650a9393b2078b85d20c4b1e86b85ee

SHA256
c764acfd7daa5fb9f05d533054b6458f1703e0499a9b1627ea97534c7e125957

SHA512
f2429521e7f378c63def5708362dccf9c5d1c144ef3d37729f1e218bdeb1e0fe078688c58e5745ebdf89955e48b0cb5a511df606f4cd1f806852621a26337e2a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7407246838b151294037e0c1bd2e0862

SHA1
f1127de398083fcba4b7f2ac715de39f80921c85

SHA256
1566c3df91fe9e5a728ffc134de6ae82c4d4bb4fa5a27515e3349c8459046ee4

SHA512
8a9a1e9832a073752bd82f24ca59528ecb4a514e1335139634e806b287b9baae3b92ab93ac0efcfc767aff78d3f13edfa5361d359d5e711aac1d5b270fb91f67

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\Network Persistent State~RFe5a15db.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f795aaeee17bd00091522ef38a3d9d64

SHA1
75c50012908b4afd0bb46f9e8f2c528902b7ce3c

SHA256
e625352800da023f771f068df04b15b3fbcee24dd462c92b57254869f1b3ff51

SHA512
a00adbfa43b1ce47ed7097991ec651e4881815eff5910b51be6526bf9167309d9a0b986a0eb9582bee157ae2b8d7e1cbe5d6ccba947089fab251aba609af68c9

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
929d1e8fe487eb7d7f71d1182d395f73

SHA1
25924fefbc3d66b352b71b4bf95376d8fc88f9c1

SHA256
5eb94ecb931f8ac8dd78df6f5999c2aeacc8252837634614e3598e6fc50dbf89

SHA512
da211bc15ab52d7ad2fdb18607d84f0ea173fc2dd859d46c61456d5bd355b14f896a4e69ff24ff413cccb700410066dd86c47bd8d6d377bcdbb13c6b466d6018

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4bee9197e1872162685e7489a90d7269

SHA1
5294e71015a53d296df17cce25d6154eaf912406

SHA256
205e47a1a3960d1596b2a78a7c223bd062011311e56707a514f8050e88ea8b87

SHA512
04668a6d38ee35ac443190c914ea146867e96cb6bc5eabf679230c7632d2e5adda63a0abc334823d7f9b67f425daeceb448ad3ec9050976ee3ac6ffb453c9489

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3399ca1a57eb7d2653e20ed989b08902

SHA1
70d1aea93975f4e4e4000b228d7d21f224e96cf8

SHA256
2088de923198ae0e5b87ae45c3dbd607be0e608ec0d00013729a509488bab9d6

SHA512
f7a33a44d09b7651a16d9589ce301dbf851dc780171cec46448a7ab5ff2d74db2cb5ac0de3dc08e75bde6847c8176a34e5f9ff5a6a63a27c2f4564dd6629145f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5bf5d5053374606cd22376b349d4dfbd

SHA1
08f8d433835183fe3effe55f96bacf0a008dce32

SHA256
80cbf071c242221c32556076ac0d961bbf5578394dcce213b408a0ae4ce36af8

SHA512
cbdd218652f796e235a6d80a046869fb9a8771086f302031918d4a4e470b9bbde5a9a086a1a2ccc3fd9e006872e3794906a776d7f13fd1332256d65a50b3c6f2

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3ea02f4abd81ba19ae9eba530e0cadcb

SHA1
61cd61a6eb1a7704507d341c124704afeca0b5ac

SHA256
6f6857728c722bf2ca288a11ebcae01e0b21399ed94f91463d62532332ca1d16

SHA512
01b2e0e2fca602dafcd6c738636dbcf5e9114b5c011d21686b9809a569e5a51eacb5a3df0a13b468b21bfb44a675a1f319a4698b2e09e27e07314e81f564533d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1b47c494c5eb43c124412d00aa126567

SHA1
3959b6f413ca80aa1ea04e3a4e8136a14fb31c6e

SHA256
7df86f7ce462ba56535e5836d17089a3b1a01eb60474502900ca4667e5eb832a

SHA512
5e70710d0c0cdd07ce07f714acfa7991097784f4fa22cfbbca7430efe5de0e8b2cdae14c08f4e4f9b53d79c95a4a95ab125a09404b99b917a90bcb4cfc658bb3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4187acfcb943ffc101c111766a31409b

SHA1
b849e7f721dc0889f817131a8dc036526de05d87

SHA256
ef726c0d84798c906ebb4dfac62ae50c2220f4a8f75941d49ed61d2045502853

SHA512
31eabc9856b37887295bf2ad8b0a17fdf02ca83cbfa902b6b774dd5e9a231976cbdbc63610f707db1b20da18491cc3b30cf7995ac1116a1a51ca2e8d669b707b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity~RFe595366.TMP

Filesize
1KB

MD5
577efb667eb7e93e1fa024beb871598d

SHA1
704618606f8cb7598107d64f182dae0052c18a60

SHA256
1f5b482f67b2bbce4f1fec0f796bcb4120df7840230be9149396dbe843952375

SHA512
97496dd1b4d713a184cb5b830783ed67c0b03b9c7bda6dfe432b48243b23cfe043d124e1b1470c434e8fcd629b7392a4d64af48836922a062cc1f1c344560362

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
93cdf9479ce09b9921b95137bb20f1ec

SHA1
fd4a6e03deaff0df0f9de824bd119758c9fb3773

SHA256
b11aec253451c1d07e7e75f2fae368ab00dea92d33c63573050516699d92090d

SHA512
9ca5fe21b1fcbbc8472b1e1eb88136c6601e8c24d3676d3c031d3027da5fd6f334e575b856a7a6d6f050b8b60a49f230b987ce3b3b71dd7bb947fbbd16ec740e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
16KB

MD5
dfa915fcfbe0eb6320e7edbcbe08fe1f

SHA1
98966f6522fa7d8a71371c95e695c53d01985bcc

SHA256
c649e3922e09c1c9838bb409c29103e81c18077b05a36ac700b500c182e4feb3

SHA512
53e0900da56e745414b2f60ba1e7d5e88199de26bca0b9db81eb3c801f404b0ef0018072018e40c1ae6bcdcf679a5ef331073c2c8410dde8cb29cf6aaef97ad5

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
18KB

MD5
b882f186a173ef324ed0096e7a2c97d3

SHA1
73bc516bdbb4c85b93ada193dcc98fbb66bfcfde

SHA256
0578f8d978371e481f350d2f82780352721420b2c7528d507e45ec7d41e1f6fd

SHA512
89452a229df4e6f4d93da1b849d5bd991b902849a127f45f1a5a98fbb423545360c680a0efb599b772b8db7ed044769a31eaa03bdaa7e99ac22da49e96db775b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
17KB

MD5
89257f494cd0caaca9cf62ad165739c2

SHA1
5865a0d974862366eaad2b352d3f27d3a81b3370

SHA256
5e04a8aa9fa0dec87524d61862885e9a0234f92cde06e60886e2f07c708e8059

SHA512
918b0b8bf29f7a17ef245ec0f94a855a6873fa27b653cd61efcb320ab7b133292d125d9c197b3e31b6c7d15778f5e32351949be14f49d307e4a0144341e1b46c

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
18KB

MD5
738ebc2b1c903c13ea81e152fe635abc

SHA1
ec20c0e4dfe109b43003a63ecef65e32f5887c10

SHA256
ada0f0c53f853624b76b37717e451e0583b3510590640c443284b15d1f36b2bf

SHA512
2c05f3fef0461c441ebf157ddb50677459615f908f7fc66f279ac731691d2ea566ee8f5e912f0d18dd2aa30625cc397d8f620c647e26d86a5387c7ac1055a94b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences~RFe5928bc.TMP

Filesize
5KB

MD5
2d2e0d70bb6604e2ef899454a240aa55

SHA1
571910f5bfbe8f3340346dbc754a87f65f806993

SHA256
b06ccb58f50ed14f287ced395fb3269de955604e4b1d160bcda04008bf4923a5

SHA512
9bbf4c947e9e8193212958fa093aad29fed4a8e3f3a5d4eaa6d8ddb13b65030c41a350d9fe0b48bf08b6861ceb6cc8e5a0180cbab04436cfa73385648f3a055e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Secure Preferences

Filesize
45KB

MD5
8b1141e8fbcbea25c26513588ae35d2b

SHA1
b997f71d10dc7dde8c4f65fd086bcbf165db1fc7

SHA256
537b06a462e67c8c3b7540c1b9624d64f2619c8937fc65c31e8c5ef225b9f7e8

SHA512
ab6c3251f136e9b2220e0395c42bee197e221c98e3c6a13b73d0427bbae70cb218be5240f39114698fa6a1f585cb8865d6f50ef0447c30d915a9808a1e8974a9

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Secure Preferences~RFe595087.TMP

Filesize
40KB

MD5
b8dc087c97280c4452471c5a4cefe022

SHA1
636a3c12704eabce87c583e411542c0fb3e1164d

SHA256
5e344cbdb8966f2141551a278ca70a9e9ab85b24de84626d41e4274837d7695e

SHA512
9be931e14acfd7c7f63e8f89065d44ce8b7f742d3b79c2aa3586ae40c8b9de24d729b7b2ffc9a7152c091e258c2adcac5ed69fd88c87bc7b799d42b46142f17b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
a73a7fa5a91c69e0adadd2bb3409184a

SHA1
c9f063bc234151f428e0c66b52dc49a457718036

SHA256
90b4800ae6a3154cd9083baecf6658bb251c46daa02ef90449e09d90ff920423

SHA512
44cf894c1be194d515e960831068c00bf71313c002fa50439c0db588165a5ed670af8124fe102702dd00698608d2375dca4d03e9f1f73ee9ebcd84add1d8f0b3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59867c.TMP

Filesize
48B

MD5
93215927fa60e97aec994a860d4b73cc

SHA1
910d4f852dcec30a92082f87c57aeb9c559f3d17

SHA256
9a367978f46aa51569ab7caf33b84d0b434d1759d5eeee4e3b8caa7325390aca

SHA512
8cd13db5d4d1216b8f7f4f648aebb01e46bf5fccb91c05b7b99539d4aa8d274388deec000df0e22393adf3c29049a0431c6732a895c19e68bdbafd4dd2527fa4

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\bdddb49c-8678-4930-ad4e-004497b84233.tmp

Filesize
173KB

MD5
f3d32d9918947cd0ee98a95e6782ea0c

SHA1
7d352e9a4799b5a180e11eaae4a7ef1a6ae51d2a

SHA256
33845d8a8dfe591b8eed4b27f2c47dc856b11d86c6bfec08074662c559ed4d01

SHA512
e4818c7e56b2a7f28610f14f738fe92018528517182e5cfa2e17750796bbdecdc2bca3af71afaad2e27a19a17e487fc321e8e20c286268dfb7a126135817804d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

Filesize
7KB

MD5
09866ae21ce3da7482762f876f11009b

SHA1
0b9ab4201a46342ac83ca786c571dea980a6ee67

SHA256
78618cf017db201a3b9c168e4af9268c68fe3c9a9a8272e1ec56483838caf7be

SHA512
17b3765e27e4d7a6a375e7c8c612f9d6542390e721ee5545d0ea8d65f4c0ba82694add71e8dd8165b0f78e92f8b67c9724419694961bb5b164730be27eaa9bad

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State~RFe592820.TMP

Filesize
4KB

MD5
a2398fc4444fddd3e44779783aa93466

SHA1
89cd68e432858e617fc99a8bdc24f43985aab5c3

SHA256
a1d4649823cfe7eea32a8f2dd1c828c938e449e8adb151f87597ca5b793770a2

SHA512
d92dc82097337f18e939981f204a74bf441aaaa8f61d5b7e821c9e4ceb8f4da53154d8bbda66d2ff7f2d2f77531c9e7e72eb1e6e97bc448d9b6cb98a715d9f22

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Subresource Filter\Indexed Rules\36\9.49.1\Ruleset Data

Filesize
120KB

MD5
c5e30274fe7b93847f6d7c02410d1209

SHA1
488a49f38459f29e110c706c51b61ca1ae3b0e26

SHA256
e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea

SHA512
bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules

Filesize
68KB

MD5
6274a7426421914c19502cbe0fe28ca0

SHA1
e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc

SHA256
ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee

SHA512
bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8b969248b46156aea68043fc5838c24e

SHA1
9c6a27caaec168e5e4938fe7fea2be8e86b08e7e

SHA256
aa65acb28d0d86c23518b50b06910a1ffc105c94a4cddae236560a031d5e94e9

SHA512
e2ce91b0229b0442195b2916b893eac8403647dc7f5aee37a1b4497e9f829a11e0d22c5697a20db778969bccc53b63c5b9a78beb4dfa1fb99303723afe33e576

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5b0471.TMP

Filesize
48B

MD5
0d2c3a5020cdb035f394502ce3064dfe

SHA1
901097c7387772646dc080866eee4dfb2a597d8a

SHA256
68722246685227be0a90db8118c18a780babb4d6950a2a10b85341691ce8a352

SHA512
9d18d5eaa510de708a06190dece81c8fedc5b796f2606c99da5f95b1894728cbb1bafd8e796aed230e245a39181b061edbcd43c0e4a3930f36935ef323fc41d8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
33e11ed8fa2945289a69d282c51caff3

SHA1
f6187bae119233ba5e4c9d82816310fc00327926

SHA256
616ac1766374d748b8c22782f1f4e8e6901f82566dc40e05a6040e4a29a02a70

SHA512
034af4a39c9c446635051a6c74cfb9f274b2ada0728d652e946ee5e8b8e876a76b210c0a681200acd3f9c3c5e281eea6879d2087d872a117fded4428876e18b6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
517B

MD5
8652e1269c3ac4d2a9180d57729101e7

SHA1
33b360f057cf3143696ee1b3d23635bca30d540d

SHA256
8b30a275d4ec56bb982828d52608ee112219436ed872b1cabe36694108bf1924

SHA512
23c1001d2dc2e56cd4a12852f51093cceed9eb6d2982f8318943fc8f6af286caada4648b4c18128eb489f36c136986acd1eb9800b29d9bcea1708b3834d8ac8f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5bcb0d.TMP

Filesize
517B

MD5
c48c5b582588e0670b26fc522129c015

SHA1
5973a0e6947ac24c5df15239878e305aaf941967

SHA256
4db6a4964af36ce89ba9afcd3fb4858173bb73e1f00793a26be8640941489769

SHA512
f3d6bf475fe259aceb24d4da7d508ea01ad01cd98124d967a07845edb6f58df98eeaecb6bec9760844e8f6dfe18fab83eff20d956736130d68b1b858f4178a40

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
a514c8dd250c1117e3a12d728c71da72

SHA1
296042123f12f858efbafea45cc97687ee70ef6b

SHA256
a1c7c1886e6fb4401150c0a554ceb96594876d0811776e5350434afc81de1252

SHA512
988d2bad5f332a283a3fa3f018e4f815719725a5e0175cf7a636637e95b1de3162bce73650ad005dac2a569794caf763e4d21fb804959d3fcab45d3f6b4ff274

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
8cbf875834cecac3e616144ca24f9c57

SHA1
fe9585e4f6782a51cb741002c3f595f329a6f048

SHA256
44b0259eead9d1382f2291c53900d83358d6168b2456a4e744311f6920cdfc55

SHA512
078c1debf8ee88eec64e72383cd8e99daf642070136f2a940627608f23ea7f47259e5f277044b070d15fdf0909b998cadab2713214a50d16c34cbde5a52b52b4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
05b00d6e48c5e74900258f387a6f62ab

SHA1
5542b54c216b902925ca9f54de8322734706449f

SHA256
b4d798288af82e149ada828267c9da9412d252f65ff3e47b013af71bb4f4f598

SHA512
10b6369724c51fcfd2994a0316cc1ed0105602f3ea648c35dd6a0c8b5951251fbf09ae0a560b49c362c0dc9b8f3dc49c9d9c824112e0cc475c02e2e2ba6e7441

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ed9c4b7cb82f413ef5ea317ff6d7921d

SHA1
59c788f1d61c1350ca73fb8d83795baab57a5063

SHA256
fdac7617a6a58a7c40dfcaadee6c9c79ab50dda008a969862592a5d0f53d0179

SHA512
90ff075adef2e1b1720fac5360f2190d8367d7382fe56d39e493e2acb80506c22fc6693028de4161ce12ce4a059608b696d3f29af2eae94657c89a6afde4ef7e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
54abe2fd915f90358c8dff1a6be8609e

SHA1
e06cf30829009b8d48d7ea98b103f1e497c4d044

SHA256
b1090da87047d24ef199bdbf06ca857e0fdf9ad169c269157194a36b0ae54ac5

SHA512
bf7182fa0ddff02a2f45289112096641058db22e460bede05f2b44760e3cd8b580a04605106d9395a99f892be2925d1fec6d76a6c8fde1358841115e1bd600a6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
6dad2f7ae0ba85920f7722b9fd740795

SHA1
c2165d97b318cee6e20fe966860aa28439c19855

SHA256
862fe2ec80f0242975c6aafef9f0262b63531b3bff5702c0699cadbc7b5aee94

SHA512
2e568902a98cfe1f8a31974fb5c1f6556dfbb0807d579bfae43b77ed415f9ec3ad734c28b0d3aaa9d884dbb657277823692af6b6f3bac486b2aea4ee4f9582c3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
48a0e5b7f84f2f14e7a0f1b33dfdd8b1

SHA1
3f829ae8e731b218f16cd33718fc6604d51dea7f

SHA256
7d6f1d41717522a7b4bb75aa3646dc4fc33c7ef343d1ef4370b447a5757d8741

SHA512
ef989a8b28106da97508aab6ce030c047e668a9f5ba87fbf1c41e52114480652b44d91da4725ef8d031197201adab1dacb703e2c79a3f035c670bc9f3ffa8ef9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
8f4dbcea74f0452b04000af60d246159

SHA1
c51b55872951dcd04b34a62015075a5cbd2ae5f1

SHA256
ccbb834001da9d35a8daedd5bc83239b0e9b75f378fd54762ba7a4e4e765c2c6

SHA512
16e6d7dda1f15776c65a22e2f9022192802c9ec4fcdf81736005663794d8e8de9de4094632257a099863889b20913f9ab5fbbc54a477ed289640d3b2b7f615c6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ba1ac1e8062c24ed3bf926f401e61807

SHA1
8ba708784f521432168ddf0a88c97bbab8fd877c

SHA256
1bafbb9e5ca45ca91f950e93d20ccb3abe6905ef4b46da225287dc98182415ff

SHA512
5c0213c9a82594f46a3e17bc0787c361047397c2aa07955035a819e045a0155983608b91f3e2da30c0b8500149458a45b8b45e23a29da1286ae7503bbe85d18a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ad805980a5976b3bbd5d5a8853535e1f

SHA1
428927f047c868d1d80977ad8bd3a9bfe79984eb

SHA256
c4ee8b9b048b2270e7f5635faee932503d2842689dda18cf4a3d5358a59d3fb9

SHA512
9989a5478283221b2603230dd6dd9ab3ce75cec30361c99211c6bda58f589a29cbf12e38f3fb2ac7271add63cc258d24eca6392e2912edad827aa14f458ee657

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
536dd59f8560b36069be8f9acb4f70c5

SHA1
fee9348f5fdc60e1af085eb97e5b5569937f69d1

SHA256
89662814a26921cdd4097af8db54ae4d102f0414563e866c28b53899fda623a9

SHA512
db10ba9bdaae5ae4d2533b23c982656c34ca0c67787afbf1da9b5fd22c2b469fb8bd6f40cb56f5944d8d0bfcb8b3aa04184fe4a472030020c0f98f4c4713cc74

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5af55e.TMP

Filesize
4KB

MD5
a670a588281f1f7613d58b38c581807b

SHA1
cecfccb314a02a2d8483b8251552602f0684127e

SHA256
7b75178596c20d7b638d5760f8a12db8f4f28051a04cdb5ab5951fe80a2952c8

SHA512
4c0cbca205e950ccd09fa57f3403b794ea1f171595d6b492c801a84dfab5e9544e1573f42b3822e22883f62f60720dc7fb849d64847c02dfa4b54a8ab57f4371

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\b1384fc8-b6ac-4f61-aa29-b306862bbcb0.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
e0d3e67832804018c3ab382f24eba2dc

SHA1
deef9f548ddb340c6c8255fc8d7207304b8c1c52

SHA256
c5666dcadea5ef89275df250956864ca4873dca746888feac7b218210453e068

SHA512
ac33e6d1a5c0e5ac3fcace764e16d2762e4278e658e1f0594562e400ddc6cab5c68eb9233ce9129fcbc9830721d3de46edbdf6b8cd43981ed5e0bd14faea882b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5acac3.TMP

Filesize
921B

MD5
9d5e3b898a0a609bfec4071d20d2edc5

SHA1
8173a163df319498e7d0a67ac60b97b4387106f1

SHA256
70b789b10eae29a506e1a5fa3057ab539a5cd7d5a5973f5a0247f5869a46748a

SHA512
624c3395c2c96a3f16309a3cf3f99d445ee1e8a726caa44102a14a5a63646d61888c2d94e12b8eefd123eaffa977cc6d7f19e36d8c94b8c59557780f0e37dfef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk

Filesize
2KB

MD5
619f52f90c9445cd00012cbd2fa5e620

SHA1
37eecabe295e4f906746d4dedd5d35b05cbe0f7c

SHA256
1d3ff6413a8518397c837672cf79d7b61ab3dbdfeebb40f2754c92b66420740d

SHA512
952eaf6b3ffa21ca9bfc68b4a8f80f655ef9d0b767f51d10fe6d13b52c6caee3cb0d11fc490ec8663982440cf23c06f09e5e4a3ea8bac8bbc4af95bbae117549

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
117KB

MD5
c098df9ee6ecdfcca479869ef2c3d58c

SHA1
fb10b82bfdbff88be619eb9c32a27cf5b76f74c1

SHA256
5a246d07e1719bf7909d755090664813290108054d5916c9c18755a431f70bd1

SHA512
f69013a2749c918d144729434a1199dc17f9cb9958ce6c6f229b1a756e5e844b40a560b6b74e2ebfb6094ab311769ea4294af05a4e138967891c7d9b2c7a7661

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 397757.crdownload

Filesize
5.8MB

MD5
0dc93e1f58cbb736598ce7fa7ecefa33

SHA1
6e539aab5faf7d4ce044c2905a9c27d4393bae30

SHA256
4ec941f22985fee21d2f9d2ae590d5dafebed9a4cf55272b688afe472d454d36

SHA512
73617da787e51609ee779a12fb75fb9eac6ed6e99fd1f4c5c02ff18109747de91a791b1a389434edfe8b96e5b40340f986b8f7b88eac3a330b683dec565a7eff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 92757.crdownload

Filesize
2.0MB

MD5
15396fe00f8ee8d7ae41bb6884f9979b

SHA1
5b57ca2e66568d55eb67349f7b68b9a792299743

SHA256
9dcd1c7e9bcba6dd6c49e370d0b87ee94e2d0c5d6bbce918759cd942fcd62d07

SHA512
8e3a75b176f5658a2a08ea6a17cd9dfd35bb3c8f7c5bf843ac2d1eef76ebed599710c8122165d07590845db4e30e4b4fb96456521684a2b48506cdaa6674ee7a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 958907.crdownload

Filesize
1.2MB

MD5
c9db6b5c84be13a43ad23cc204e4bc52

SHA1
94bd6634303205715fd04f8aa10d75158390e4d9

SHA256
77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688

SHA512
9273493c5e5ea24b2f5ee219fdf849546e85b3f5cc24c970f1ab6fdcfe961d96ca6fd41c96f9d915892ab24ce7ff409f0f5a6569b0225e95d36afba51615f8d6

Download Submit
C:\Users\Admin\PCAppStore\download\SetupEngine.exe

Filesize
118KB

MD5
836a21bedb824a49b27341108c16cff2

SHA1
c4fceb238fa23c8e6c684eb7a97c15c8de46f855

SHA256
b1fd7f24a386a2038bd2928c18f21aaeb2d6e7763e9cf58a19121398db67c52b

SHA512
6d90c2391fa918049c52a624206e0cf96a1586bd4494f37e7b0b61b5ba8a4cb6fe5eabd4490d509c79f6018904576368fd86da1bd557b51b6e4f3ff4fccf1afc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit
memory/4240-631-0x0000000020BF0000-0x0000000021118000-memory.dmp

Filesize
5.2MB

Download
memory/4240-630-0x000000001F340000-0x000000001F34E000-memory.dmp

Filesize
56KB

Download
memory/4240-629-0x000000001F370000-0x000000001F3A8000-memory.dmp

Filesize
224KB

Download
memory/4240-628-0x000000001EEE0000-0x000000001EEE8000-memory.dmp

Filesize
32KB

Download
memory/4240-627-0x0000000000EA0000-0x0000000000FDE000-memory.dmp

Filesize
1.2MB

Download
memory/4512-1221-0x00007FF8A19B0000-0x00007FF8A19B1000-memory.dmp

Filesize
4KB

Download
memory/4512-1222-0x00007FF8A0EB0000-0x00007FF8A0EB1000-memory.dmp

Filesize
4KB

Download