77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688

Analysis

max time kernel
214s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-09-2024 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave Browser.exe
Size

1.2MB
MD5

c9db6b5c84be13a43ad23cc204e4bc52
SHA1

94bd6634303205715fd04f8aa10d75158390e4d9
SHA256

77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688
SHA512

9273493c5e5ea24b2f5ee219fdf849546e85b3f5cc24c970f1ab6fdcfe961d96ca6fd41c96f9d915892ab24ce7ff409f0f5a6569b0225e95d36afba51615f8d6
SSDEEP

24576:PW/RUV5T9w6qAps/uc+hd+VochG2f6kD4E/7J:PCRUVvjsTE9Y6kcEt

Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SWUpdater.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater = "\"C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.135.0\\SWUpdaterCore.exe\""	SWUpdater.exe

Checks whether UAC is enabled 1 TTPs 8 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

SWUpdater.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeSWUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SWUpdater.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 44 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SWUpdater.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exeWave Browser.exeSWUpdater.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	SWUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	Wave Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	SWUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	wavebrowser.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wavebrowser.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	wavebrowser.exe

Drops file in Program Files directory 64 IoCs

Processes:

wavebrowser.exeSWUpdaterSetup.exe

description	ioc	process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-gl.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-fr.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-da.hyb	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psmachine.dll	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-kn.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\male_names.txt	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-en-us.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-de-1996.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-de-1901.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1622138280\manifest.json	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterBroker.exe	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psmachine_64.dll	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-ka.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-hr.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-bn.hyb	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\swupdater.dll	SWUpdaterSetup.exe
File opened for modification	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterSetup.exe	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\ranked_dicts	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-en-gb.hyb	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\swupdaterres_en.dll	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\surnames.txt	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-et.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-ru.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-gu.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-nl.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-hu.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-hi.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-de-ch-1901.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\manifest.fingerprint	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterSetup.exe	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\manifest.json	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-pt.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-mr.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-hy.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\manifest.json	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-sv.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-sk.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-mul-ethi.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-es.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-bg.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1622138280\manifest.fingerprint	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-sq.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-nn.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-lv.hyb	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterComRegisterShell64.exe	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-mn-cyrl.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-nb.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-cu.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-be.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-ta.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-pa.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\female_names.txt	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-sl.hyb	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psuser.dll	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\passwords.txt	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-eu.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-as.hyb	wavebrowser.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterCore.exe	SWUpdaterSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-te.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-ga.hyb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1622138280\safety_tips.pb	wavebrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1622138280\_metadata\verified_contents.json	wavebrowser.exe
File opened for modification	C:\Program Files (x86)\Wavesor\Temp\GUTDE3D.tmp	SWUpdaterSetup.exe
File created	C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterOnDemand.exe	SWUpdaterSetup.exe

Executes dropped EXE 64 IoCs

Processes:

SWUpdaterSetup.exeSWUpdater.exeSWUpdater.exeSWUpdaterComRegisterShell64.exeSWUpdaterComRegisterShell64.exeSWUpdaterComRegisterShell64.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeWaveInstaller-v1.5.18.3.exesetup.exesetup.exesetup.exesetup.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exeSWUpdater.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exe

pid	process
5960	SWUpdaterSetup.exe
2812	SWUpdater.exe
844	SWUpdater.exe
2028	SWUpdaterComRegisterShell64.exe
3648	SWUpdaterComRegisterShell64.exe
5444	SWUpdaterComRegisterShell64.exe
4692	SWUpdater.exe
3168	SWUpdater.exe
404	SWUpdater.exe
2688	WaveInstaller-v1.5.18.3.exe
2684	setup.exe
5364	setup.exe
412	setup.exe
1260	setup.exe
4116	wavebrowser.exe
4532	wavebrowser.exe
5972	wavebrowser.exe
5928	wavebrowser.exe
5832	wavebrowser.exe
1468	wavebrowser.exe
3512	wavebrowser.exe
1196	SWUpdater.exe
3240	wavebrowser.exe
1784	wavebrowser.exe
4268	wavebrowser.exe
5572	wavebrowser.exe
764	wavebrowser.exe
1420	wavebrowser.exe
3912	wavebrowser.exe
1840	wavebrowser.exe
4732	wavebrowser.exe
864	wavebrowser.exe
6132	wavebrowser.exe
5812	wavebrowser.exe
972	wavebrowser.exe
3696	wavebrowser.exe
3368	wavebrowser.exe
2740	wavebrowser.exe
3604	wavebrowser.exe
5392	wavebrowser.exe
5384	wavebrowser.exe
5512	wavebrowser.exe
1332	wavebrowser.exe
2900	wavebrowser.exe
2948	wavebrowser.exe
3808	wavebrowser.exe
5296	wavebrowser.exe
5492	wavebrowser.exe
5784	wavebrowser.exe
6000	wavebrowser.exe
1300	wavebrowser.exe
3600	wavebrowser.exe
3008	wavebrowser.exe
3984	wavebrowser.exe
5240	wavebrowser.exe
960	wavebrowser.exe
5444	wavebrowser.exe
764	wavebrowser.exe
3380	wavebrowser.exe
5336	wavebrowser.exe
3692	wavebrowser.exe
3088	wavebrowser.exe
5512	wavebrowser.exe
5556	wavebrowser.exe

Loads dropped DLL 64 IoCs

Processes:

SWUpdater.exeSWUpdater.exeSWUpdaterComRegisterShell64.exeSWUpdaterComRegisterShell64.exeSWUpdaterComRegisterShell64.exeSWUpdater.exeSWUpdater.exeSWUpdater.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exeSWUpdater.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exewavebrowser.exe

pid	process
2812	SWUpdater.exe
844	SWUpdater.exe
2028	SWUpdaterComRegisterShell64.exe
844	SWUpdater.exe
3648	SWUpdaterComRegisterShell64.exe
844	SWUpdater.exe
5444	SWUpdaterComRegisterShell64.exe
844	SWUpdater.exe
4692	SWUpdater.exe
3168	SWUpdater.exe
404	SWUpdater.exe
404	SWUpdater.exe
3168	SWUpdater.exe
4116	wavebrowser.exe
4532	wavebrowser.exe
4116	wavebrowser.exe
5972	wavebrowser.exe
5928	wavebrowser.exe
5972	wavebrowser.exe
5928	wavebrowser.exe
5972	wavebrowser.exe
5972	wavebrowser.exe
5972	wavebrowser.exe
5832	wavebrowser.exe
5832	wavebrowser.exe
5972	wavebrowser.exe
5972	wavebrowser.exe
5972	wavebrowser.exe
1468	wavebrowser.exe
1468	wavebrowser.exe
3512	wavebrowser.exe
3512	wavebrowser.exe
1196	SWUpdater.exe
3240	wavebrowser.exe
1784	wavebrowser.exe
1784	wavebrowser.exe
3240	wavebrowser.exe
764	wavebrowser.exe
1420	wavebrowser.exe
764	wavebrowser.exe
4732	wavebrowser.exe
1420	wavebrowser.exe
4732	wavebrowser.exe
3912	wavebrowser.exe
864	wavebrowser.exe
6132	wavebrowser.exe
864	wavebrowser.exe
6132	wavebrowser.exe
5812	wavebrowser.exe
5812	wavebrowser.exe
1840	wavebrowser.exe
3912	wavebrowser.exe
4268	wavebrowser.exe
5572	wavebrowser.exe
5572	wavebrowser.exe
972	wavebrowser.exe
972	wavebrowser.exe
3696	wavebrowser.exe
3368	wavebrowser.exe
3368	wavebrowser.exe
2740	wavebrowser.exe
2740	wavebrowser.exe
1840	wavebrowser.exe
3696	wavebrowser.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SWUpdater.exeSWUpdater.exeSWUpdaterOnDemand.exeSWUpdaterSetup.exeSWUpdater.exeSWUpdater.exeWaveInstaller-v1.5.18.3.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeSWUpdater.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdaterOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdaterSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller-v1.5.18.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWUpdater.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

SWUpdater.exeSWUpdater.exe

pid process

4692 SWUpdater.exe
1196 SWUpdater.exe

pid	process
4692	SWUpdater.exe
1196	SWUpdater.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

wavebrowser.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	wavebrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	wavebrowser.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

wavebrowser.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133704075354073310"	wavebrowser.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wavebrowser.exe

Modifies registry class 64 IoCs

Processes:

SWUpdaterComRegisterShell64.exeSWUpdaterComRegisterShell64.exeSWUpdater.exesetup.exeSWUpdaterComRegisterShell64.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{068FAC78-4F23-4F74-99A0-F7C4797D5ECA}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{64A19E70-BCFF-4808-A320-774FD11571E5}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{92333BDA-3022-4A7F-8858-081260EA85DE}\ = "ICredentialDialog"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WavesorSWUpdater.Update3COMClassUser\CurVer	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\CLSID\{30FB944E-9455-49DD-81C6-7542E47AA3E7}\LocalServer32	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\ = "IPolicyStatus"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{7DFF302B-EA41-49F8-97B1-9413CEF98C68}\NumMethods\ = "10"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\ = "IAppBundleWeb"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{C5E89508-3927-4EF5-A3B3-C479F0D4E36F}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\NumMethods\ = "16"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\CLSID\{1BE9D40C-2307-4213-830E-7E3CE9EDF0C2}	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\CLSID\{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InProcServer32\ = "C:\\Users\\Admin\\Wavesor Software\\SWUpdater\\1.3.135.0\\psuser_64.dll"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\NumMethods	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WaveBrwsHTM.3NL5LYJH2TJ5VRVNR6MLCAJ4SE\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{E44B162B-4287-40B0-8E7A-6E251D80B3DF}\ProxyStubClsid32	SWUpdater.exe
Key deleted	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{DB982438-E7B9-46E1-AF0F-CFD8947957E8}\InprocHandler32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{2C53B9D4-A718-4972-B28E-2E7AF1055602}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WavesorSWUpdater.CredentialDialogUser.1.0	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{C0151E6C-8D24-485D-BEC8-B6C6C82E26E8}	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{62A51DF2-CCB8-4DD9-9069-34B8461617FC}\NumMethods\ = "10"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{CEF9DF20-AE5B-4A54-B479-9C2AFC1C2683}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\CLSID\{D12748C8-5013-45E2-9A24-2FB7C2EEFB7C}\ProgID\ = "WavesorSWUpdater.CredentialDialogUser.1.0"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\.webp\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{E053F7BD-D525-49F4-9ADE-5D7E6FCEE775}\ = "IGoogleUpdateCore"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods\ = "8"	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{E44DDEE0-3097-499E-9DD5-7D5D5DCC401D}\NumMethods\ = "8"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{B2083DCC-1D29-45E6-8386-BEE1488D11AA}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{DDF98EF0-2728-4A8D-8B0F-32627DC56437}\NumMethods	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WavesorSWUpdater.CredentialDialogUser	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{DB982438-E7B9-46E1-AF0F-CFD8947957E8}\InprocHandler32\ThreadingModel = "Both"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{50363C3E-2FB2-4EC0-A827-CD3314F526C5}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{CFDE680E-8700-4808-BAAF-8B1F50F2CC87}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}\NumMethods	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{E4E159E0-7B9C-4D75-AC11-A80628173DE3}\NumMethods\ = "8"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WavesorSWUpdater.Update3WebUser\CurVer	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\wavebrowser\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{DA4EFC2D-B243-4BA8-8A14-8937D867B699}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{E4E4854F-9D7B-4120-A207-CF52C875F08E}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{617E37E1-AC79-4162-BACC-C797A1D31D3E}\ = "IGoogleUpdate"	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{3BE77C6E-0029-4F24-B677-32C9E15CD8F1}\ProxyStubClsid32	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{D3C865DD-E36B-432E-9E47-554925B86737}\NumMethods	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{44367D77-92C0-45E8-840D-0C098E650CE8}	SWUpdaterComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WavesorSWUpdater.OnDemandCOMClassUser.1.0\CLSID	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WavesorSWUpdater.PolicyStatusUser.1.0\CLSID\ = "{3C41B0C4-B5B6-4293-BED4-C927CCFDB909}"	SWUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\Interface\{0D311A22-BD24-4C7A-8FC1-117F8D62A781}\ProxyStubClsid32\ = "{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}"	SWUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{D669BD5D-A9B6-47FD-B558-81508AEF48C4}\ProxyStubClsid32	SWUpdaterComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Interface\{068FAC78-4F23-4F74-99A0-F7C4797D5ECA}\NumMethods\ = "41"	SWUpdaterComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

SWUpdater.exesetup.exewavebrowser.exe

pid	process
2812	SWUpdater.exe
2812	SWUpdater.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2812	SWUpdater.exe
2812	SWUpdater.exe
2812	SWUpdater.exe
2812	SWUpdater.exe
2044	wavebrowser.exe
2044	wavebrowser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

wavebrowser.exe

pid	process
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Wave Browser.exeSWUpdater.exewavebrowser.exe

description	pid	process
Token: SeDebugPrivilege	2332	Wave Browser.exe
Token: SeDebugPrivilege	2812	SWUpdater.exe
Token: SeDebugPrivilege	2812	SWUpdater.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe
Token: SeCreatePagefilePrivilege	4116	wavebrowser.exe
Token: SeShutdownPrivilege	4116	wavebrowser.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

setup.exewavebrowser.exe

pid	process
412	setup.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

wavebrowser.exe

pid	process
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe
4116	wavebrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Wave Browser.exeSWUpdaterSetup.exeSWUpdater.exeSWUpdater.exeSWUpdater.exeWaveInstaller-v1.5.18.3.exesetup.exesetup.exewavebrowser.exe

description	pid	process	target process
PID 2332 wrote to memory of 5960	2332	Wave Browser.exe	SWUpdaterSetup.exe
PID 2332 wrote to memory of 5960	2332	Wave Browser.exe	SWUpdaterSetup.exe
PID 2332 wrote to memory of 5960	2332	Wave Browser.exe	SWUpdaterSetup.exe
PID 5960 wrote to memory of 2812	5960	SWUpdaterSetup.exe	SWUpdater.exe
PID 5960 wrote to memory of 2812	5960	SWUpdaterSetup.exe	SWUpdater.exe
PID 5960 wrote to memory of 2812	5960	SWUpdaterSetup.exe	SWUpdater.exe
PID 2812 wrote to memory of 844	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 844	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 844	2812	SWUpdater.exe	SWUpdater.exe
PID 844 wrote to memory of 2028	844	SWUpdater.exe	SWUpdaterComRegisterShell64.exe
PID 844 wrote to memory of 2028	844	SWUpdater.exe	SWUpdaterComRegisterShell64.exe
PID 844 wrote to memory of 3648	844	SWUpdater.exe	SWUpdaterComRegisterShell64.exe
PID 844 wrote to memory of 3648	844	SWUpdater.exe	SWUpdaterComRegisterShell64.exe
PID 844 wrote to memory of 5444	844	SWUpdater.exe	SWUpdaterComRegisterShell64.exe
PID 844 wrote to memory of 5444	844	SWUpdater.exe	SWUpdaterComRegisterShell64.exe
PID 2812 wrote to memory of 4692	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 4692	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 4692	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 3168	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 3168	2812	SWUpdater.exe	SWUpdater.exe
PID 2812 wrote to memory of 3168	2812	SWUpdater.exe	SWUpdater.exe
PID 404 wrote to memory of 2688	404	SWUpdater.exe	WaveInstaller-v1.5.18.3.exe
PID 404 wrote to memory of 2688	404	SWUpdater.exe	WaveInstaller-v1.5.18.3.exe
PID 404 wrote to memory of 2688	404	SWUpdater.exe	WaveInstaller-v1.5.18.3.exe
PID 2688 wrote to memory of 2684	2688	WaveInstaller-v1.5.18.3.exe	setup.exe
PID 2688 wrote to memory of 2684	2688	WaveInstaller-v1.5.18.3.exe	setup.exe
PID 2684 wrote to memory of 5364	2684	setup.exe	setup.exe
PID 2684 wrote to memory of 5364	2684	setup.exe	setup.exe
PID 2684 wrote to memory of 412	2684	setup.exe	setup.exe
PID 2684 wrote to memory of 412	2684	setup.exe	setup.exe
PID 412 wrote to memory of 1260	412	setup.exe	setup.exe
PID 412 wrote to memory of 1260	412	setup.exe	setup.exe
PID 2684 wrote to memory of 4116	2684	setup.exe	wavebrowser.exe
PID 2684 wrote to memory of 4116	2684	setup.exe	wavebrowser.exe
PID 4116 wrote to memory of 4532	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 4532	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe
PID 4116 wrote to memory of 5972	4116	wavebrowser.exe	wavebrowser.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe
"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5960
- - C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdater.exe
    "C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
    3⤵
    - Adds Run key to start application
    - Checks whether UAC is enabled
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
      "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
      4⤵
      Checks whether UAC is enabled
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:844
    - - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe" /user
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2028
    - - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe" /user
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3648
    - - C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe
        
        "C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterComRegisterShell64.exe" /user
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5444
  - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
      "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTM1LjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzUuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InszM0RBMkVGOC04QzIxLTREM0EtQkEzRS03NjVDQkM5NkE1NTF9IiB1c2VyaWQ9IntiNWRiOGJiMC1hNWNmLTRiNTYtOWRkZi1jZGFkNjUzYmQzYmV9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0ie0ZGMjU5RDM3LTU4OEMtNEZFMi1BQkU2LUNCOEY1NzczNTMyM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNzAzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Checks whether UAC is enabled
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4692
  - - C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
      "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{33DA2EF8-8C21-4D3A-BA3E-765CBC96A551}"
      4⤵
      Checks whether UAC is enabled
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3168

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:404
- C:\Users\Admin\Wavesor Software\SWUpdater\Install\{3C43A414-3E1E-4222-8A43-0054D79897D2}\WaveInstaller-v1.5.18.3.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\Install\{3C43A414-3E1E-4222-8A43-0054D79897D2}\WaveInstaller-v1.5.18.3.exe" /installerdata="C:\Users\Admin\AppData\Local\Temp\gui8EDE.tmp"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\wavebrowser.packed.7z" --installerdata="C:\Users\Admin\AppData\Local\Temp\gui8EDE.tmp"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.3 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6cc38b370,0x7ff6cc38b37c,0x7ff6cc38b388
      4⤵
      Executes dropped EXE
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe" --verbose-logging --installerdata="C:\Users\Admin\AppData\Local\Temp\gui8EDE.tmp" --create-shortcuts=0 --install-level=0
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.3 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff6cc38b370,0x7ff6cc38b37c,0x7ff6cc38b388
        5⤵
        Executes dropped EXE
        
        PID:1260
  - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
      "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --install-type=1 --from-installer
      4⤵
      Checks computer location settings
      Checks system information in the registry
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4116
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\WaveBrowser\User Data" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.18.3 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff88d59ccf0,0x7ff88d59ccfc,0x7ff88d59cd08
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4532
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=1968 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5972
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=2184,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2192 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5928
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2336 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5832
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2844,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2904 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3240
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2852,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3068 /prefetch:2
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1468
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3744,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3800 /prefetch:8
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3512
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3616 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1784
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4640,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4512 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:764
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4664 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1420
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4700,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=2348 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3912
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4572,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4584 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1840
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4560,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4936 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4268
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4548,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5064 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5572
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4536,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:972
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4600,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5296 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3696
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4576,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5412 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3368
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4552,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5528 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2740
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3080,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5644 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4732
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6360,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6372 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:864
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6364,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6208 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6132
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6648,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6644 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5812
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6528,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6320 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3604
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6176,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6164 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5392
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6324,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7044 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5384
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6308,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7192 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5512
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7048,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7352 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1332
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7340,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7380 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3808
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7636,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7656 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:2900
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7652,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7684 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:2948
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7040,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7940 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5296
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7344,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8100 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5492
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8080,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8256 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5784
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8244,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8240 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6000
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8524,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8548 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1300
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8392,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3616 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3600
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6004,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4652 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3008
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8248,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6008 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3984
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7628,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7624 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5240
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7768,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7760 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:960
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7464,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7812 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5444
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7736,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7820 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:764
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7512,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9000 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3380
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7380,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=3812 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5336
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7524,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8240 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3692
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8744,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7976 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3088
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8728,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7284 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5512
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6000,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7136 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:5556
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8916,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7100 /prefetch:8
        5⤵
        
        PID:556
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3948,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=4664 /prefetch:8
        5⤵
        
        PID:2248
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8692,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=6428 /prefetch:8
        5⤵
        
        PID:3484
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8568,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9148 /prefetch:8
        5⤵
        
        PID:5980
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3808,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8888 /prefetch:8
        5⤵
        
        PID:2244
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8508,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8112 /prefetch:8
        5⤵
        
        PID:3604
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8116,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8172 /prefetch:8
        5⤵
        
        PID:4748
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8104,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8304 /prefetch:8
        5⤵
        
        PID:4684
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9172,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8416 /prefetch:8
        5⤵
        
        PID:5732
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8516,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9272 /prefetch:8
        5⤵
        
        PID:864
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9420,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=8208 /prefetch:8
        5⤵
        
        PID:1992
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9572,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9580 /prefetch:8
        5⤵
        
        PID:1056
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9716,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9736 /prefetch:8
        5⤵
        
        PID:760
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9860,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10028 /prefetch:8
        5⤵
        
        PID:5384
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10160,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10176 /prefetch:8
        5⤵
        
        PID:4608
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6120,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10336 /prefetch:8
        5⤵
        
        PID:2948
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10324,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10320 /prefetch:8
        5⤵
        
        PID:4856
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9864,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10328 /prefetch:8
        5⤵
        
        PID:1716
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10752,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10764 /prefetch:8
        5⤵
        
        PID:2668
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10316,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=10904 /prefetch:8
        5⤵
        
        PID:4140
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10912,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11048 /prefetch:8
        5⤵
        
        PID:3852
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=11240,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11232 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6552
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10748,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9984 /prefetch:8
        5⤵
        
        PID:6636
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6696,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11472 /prefetch:8
        5⤵
        
        PID:6648
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11388,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11744 /prefetch:8
        5⤵
        
        PID:6660
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11396,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11884 /prefetch:8
        5⤵
        
        PID:6672
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11404,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12032 /prefetch:8
        5⤵
        
        PID:6684
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11412,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12192 /prefetch:8
        5⤵
        
        PID:6696
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11420,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12216 /prefetch:8
        5⤵
        
        PID:6708
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11448,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12476 /prefetch:8
        5⤵
        
        PID:6728
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11452,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12616 /prefetch:8
        5⤵
        
        PID:6748
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11460,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12652 /prefetch:8
        5⤵
        
        PID:6768
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11468,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12792 /prefetch:8
        5⤵
        
        PID:6780
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9728,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=9904 /prefetch:8
        5⤵
        
        PID:6176
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11400,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13064 /prefetch:8
        5⤵
        
        PID:6408
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=13148,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13192 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6280
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=13176,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11428 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6340
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=13164,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13452 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6356
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=13200,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13552 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6380
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=13828,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13840 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6416
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=13848,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13988 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6440
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=13156,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14128 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6484
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=14324,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14264 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6624
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=13228,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13788 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6288
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=14624,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11792 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:1740
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=14652,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=13052 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6868
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=14856,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14576 /prefetch:8
        5⤵
        
        PID:2132
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=14572,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15020 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:2044
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=15048,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15332 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6156
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15476,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15460 /prefetch:8
        5⤵
        
        PID:6492
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=15728,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15856 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6348
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=15180,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15764 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6360
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=15008,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15484 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:7032
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=15004,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15824 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:7056
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=16392,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16472 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:4824
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=16332,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16428 /prefetch:8
        5⤵
        
        PID:2976
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15000,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16424 /prefetch:8
        5⤵
        
        PID:6296
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=16748,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16884 /prefetch:8
        5⤵
        
        PID:6592
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7864,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7840 /prefetch:8
        5⤵
        
        PID:6188
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --field-trial-handle=15488,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=7656 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:6824
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12220,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16200 /prefetch:8
        5⤵
        
        PID:1216
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15324,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15328 /prefetch:8
        5⤵
        
        PID:640
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=13784,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14352 /prefetch:8
        5⤵
        
        PID:3928
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15496,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5624 /prefetch:8
        5⤵
        
        PID:6188
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11228,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5520 /prefetch:8
        5⤵
        
        PID:6176
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11216,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=14352 /prefetch:8
        5⤵
        
        PID:6152
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=15408,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15448 /prefetch:8
        5⤵
        
        PID:960
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --field-trial-handle=5672,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=12064 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6156
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --field-trial-handle=1688,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15308 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:960
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --field-trial-handle=16512,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16560 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:808
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --field-trial-handle=15948,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15848 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:6992
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --field-trial-handle=15380,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15936 /prefetch:1
        5⤵
        Checks computer location settings
        
        PID:5948
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --field-trial-handle=16528,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16312 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:5012
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=16552,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=15500 /prefetch:8
        5⤵
        
        PID:4732
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --field-trial-handle=12332,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16468 /prefetch:2
        5⤵
        Checks computer location settings
        
        PID:5356
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=12124,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=16492 /prefetch:8
        5⤵
        
        PID:1304
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=932,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11924 /prefetch:8
        5⤵
        
        PID:3524
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=16468,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=11988 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2044
    - - C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe
        
        "C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6220,i,17810000391378266468,5510885331239707677,262144 --variations-seed-version=15 --mojo-platform-channel-handle=5840 /prefetch:8
        5⤵
        
        PID:1932
- C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTM1LjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzUuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InszM0RBMkVGOC04QzIxLTREM0EtQkEzRS03NjVDQkM5NkE1NTF9IiB1c2VyaWQ9Ins1ZjY4N2VlNC0yM2JjLTRjY2UtOWM5ZS0xMjdiYWE0YjlkNjR9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezQzOTI4NkNGLTQ3M0YtNEQzOS04RTc2LUVERjYxMThGRTQxQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS41LjE4LjMiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vY2RuLnN3dXBkYXRlci5jb20vYnVpbGQvV2F2ZUJyb3dzZXIvc3RhYmxlL3dpbi8xMTIwOTg3NjQzOTA3LzY0L1dhdmVJbnN0YWxsZXItdjEuNS4xOC4zLmV4ZSIgZG93bmxvYWRlZD0iMTAwODc0NDMyIiB0b3RhbD0iMTAwODc0NDMyIiBkb3dubG9hZF90aW1lX21zPSIzNjM4OSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc4MSIgZG93bmxvYWRfdGltZV9tcz0iMzcxMDgiIGRvd25sb2FkZWQ9IjEwMDg3NDQzMiIgdG90YWw9IjEwMDg3NDQzMiIgaW5zdGFsbF90aW1lX21zPSIxNjExOCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Checks whether UAC is enabled
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:812

C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterOnDemand.exe
"C:\Users\Admin\Wavesor Software\SWUpdater\1.3.135.0\SWUpdaterOnDemand.exe" -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3484
- C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
  "C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ondemand
  2⤵
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  PID:5980

C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe
"C:\Users\Admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdater.exe

Filesize
108KB

MD5
b282ce9b81f606d1c6cbda554dcd4efa

SHA1
7554ca07096a2e410f2cd3c98beb7b7e6be27f3a

SHA256
1893941e9dd1ca1296e7f575a9442fa1cc53dfeaf2d1bc94d01608ba9e7e31bb

SHA512
9e71f3cb4ea67831dbee5bb4cbb2dbd9f8ff8ffd1158fe2fcac41c89169a9aa3236c8d163f7d4e9df5e2b70ba2be20fe3af97bef70be40f45dd11acb5b4bc184

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterBroker.exe

Filesize
97KB

MD5
c209d2a5f427b8dbd6ec71d6e57c7e61

SHA1
8340f5b41fb70e01791f1c1518d0308084b2dd63

SHA256
76a54d6c150e7f38a08032a260eb5396c8df89ce9cef27f99a2a2bdf23d9f381

SHA512
b2f24a876ed8749642ad353a2b32168f7d5fdfbf0acf78aa39bc4615a96016350f92406e8a657d289bc448a62e0acfdc57004595ef945bcc5b813d1a67d32f89

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterComRegisterShell64.exe

Filesize
190KB

MD5
b483bb4c375468cfdae4a2ed4e40d056

SHA1
27311ef3b6a323335f46c4e81889a77ffb1b3002

SHA256
df80d9477a45eb1ff233f3d361a1d82729c368987de14c09747df0f959184902

SHA512
0116e83611626c27099a0171654a4f24d64c0c901bc597bf168f889a300a1f3aa62ef48759a78081fa1add6d82a8dd63d94eeba1d828d1aefa8ef17d2b0fb141

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterCore.exe

Filesize
208KB

MD5
c2540f15c66d32d867f8205e39ba5c2f

SHA1
7a835852b20e9721eab276543e0202465e702d07

SHA256
9b296f4894f4a969f2f3ce0c5c2ddb8eea503deb4919b23555fc3f04fa0aed41

SHA512
3e0cd859f84598a409370498ba601147559c42f77a685bb131080e92e3cb87af1fcb793711d4331ce880deae4491cef3969f9e996e17b63caa3aa1d98d6c13e9

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\SWUpdaterOnDemand.exe

Filesize
97KB

MD5
06dd62361bae24f8dac385c07c162b69

SHA1
ee385799aec954fe9fc3de7c81f48e7d2dd7eb71

SHA256
2700573511aa417faedc4767645ef3334f46e73195f164a960c474717a3e0b0c

SHA512
45d3c62f51f17231c561848da47ee2a9865130e98a38bab3afd4c048bcaf739ebd556922112f675b4635fb771331720bc971149168153800a6581ff20272d830

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psmachine.dll

Filesize
259KB

MD5
13ed360db95682e27c69f74912f17140

SHA1
7519f2202e581defb7be93716d461470c1d91270

SHA256
0d2e7bf4108138bd73343d7415181b20c4656e57716ca9bbb07b4ba9ed04e1b6

SHA512
0f783fb106a68f532cf5f6d4be0f96233ea61441b8785206c49f1f2dc409c5a5f3976ac3f0244231e88c9113dd04f227069501d8217f7a254e180dde5bf4ffcd

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psmachine_64.dll

Filesize
323KB

MD5
d75403c05d96bed42e8e27d1e735e6e5

SHA1
7be275392bc5dab44818ddc48039bd2356605b69

SHA256
04dd87e70d8cdefae35953763a23ac30fd9d8b5ebcf424173f001e2c1889c08e

SHA512
b2e96840aabeb1677a225b2789104bb923125c8752f6e5a55d6c9074c381974b48232e0c0e419e0f4398480ba411f2e3843dfb092553fb32bb6bedea1095be82

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psuser.dll

Filesize
259KB

MD5
db8b356ab2314b130b4b85593576de14

SHA1
f89395e6bc1ea5ec03f2a8aac940218d9e3b8a52

SHA256
8a412a690343346783c19967ed0ad7e1d8a1e6e31015c62828e792fb0a5ea626

SHA512
769eb74dec2658053b7bbfbe4393fbcaf6598c41fdc894817b2db4b0a5eaa8748a174ffc7b41958ae7de10bf8c5db930fd2d783f32ee07c5c1f234b2bf41eb88

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\psuser_64.dll

Filesize
323KB

MD5
7f956dd9ae7c4d18789c62f545e21295

SHA1
1a9792cd0280e20c06555e2c82df8767aedd9acb

SHA256
9362a40da1c9ee1b600311eb2aa0f732299dd68e693254ed118a4dc5273b813e

SHA512
bacb1e1f829a1f1e28527468397d45ac9010f63f810eb73ec98546dc00f967e91b37b1ed087a86f0db6aa0249551d04188f1a8f24e0c78593f3333f49be8f925

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\swupdater.dll

Filesize
1.0MB

MD5
9d66c62b0a6b9d86b2c90d45d0655701

SHA1
93b230c4c942ed55a84c5a1e744e924bf988ad82

SHA256
ab9b3eba2befb88ab1919fe47ab74d181abd7c85851164bcf8f200e7c0db3a54

SHA512
a5484333485823db0f7f11c978e2e110294ce8e9a212d3d6c7b56a1a160cdf33a8db0146809e52e5287d75fd474307224d6987d17b482da293a4491bb1e5e360

Download Submit
C:\Program Files (x86)\Wavesor\Temp\GUMDE2C.tmp\swupdaterres_en.dll

Filesize
42KB

MD5
4c638b6d2d9e243ee521ec29297728d2

SHA1
142b6487238f0a00d016f73eda5dc7800e687891

SHA256
4df4cf6c745ee927376ac7b1cc6baa9b7a749f60ce20e27b3bed209295849d6f

SHA512
accb61833b6c6172768d4721c1124ebe10eae77224c2f939f33988562b5a299f3a65c6dcd5c9c3169a4831ad4873a8c1ad4dfe3340156398760535ced4bdc588

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1464393340\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1620905754\manifest.json

Filesize
69B

MD5
fb195043cfc35ce711b45934e387267b

SHA1
6f1aaafee57a3da2687e9fc8defe2dbc7cba0e07

SHA256
aeb364b60303212808fac02eb490ee5b054ae843ce084376e5981ef8767e5198

SHA512
bd7fee1d6f8e51137c849d76ff53f3b501d60ddce83cce18f3a217703d3d8b1a1cc7696b656c666d4f6de62a17ea2407c857137d12e0b6ac7bcdde4b3c8ff86b

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4116_1622138280\manifest.json

Filesize
72B

MD5
cbcf1e049baa641214ccdac52c2a37d1

SHA1
19d816989b5cb024c18704b399ea201075ac0da3

SHA256
f6e4d7cf15af2769765e1da47b200da55d2c52f3562d31fa54594820d00d1e00

SHA512
bc838cd8017acdbda355ee2a3d10d196aefc19c38eaa9f5ffa3be341e340c9f9d0ef0a19c5092f445d761819a3314fff6ee67015b28c7d413a06ecf4baf6513a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
1KB

MD5
0e1124cbed029c1f25e8a6ee24eff2e7

SHA1
1340d41e9ecfe7781ec3b25382bfcd0ef884e5c8

SHA256
de762fcf62af338b0f9cc76ec68d500745d21d582c0d641ec20fef6e62982f28

SHA512
1f988ec79c3e5c8a7da35f717a241cc40983f6474fa77f319a6ecb2326ab14ef53eb5b4ad5992e178696ad75a5ae29b58160d44f47d154db775496c278b12776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
8c33ffd2fe7b792e27116a6e4000652e

SHA1
98855c49c3ae38cbcee00c856d528126d6c23c01

SHA256
dd88adfeb9f49c7ca4d43815300c521cfc79f22a4796c203b78145c6a68bcf0a

SHA512
334d946ce144bb1e96f4af3608c611683e17ccc3f4426afc2a4f3716005fe947be54339f3c28f0e7333515022cc719343cc40b6627417803f406953ada2a20a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
a88e6faf212fe2c5830fa54c14d1c3a0

SHA1
a45cac22d342cf7f7a985eafd099069a7b6ddc99

SHA256
0929d04f3b59440532151d3aa12449b298a0d60ccd99ffbb231e7db4a66470f1

SHA512
3b92f7dfd842b7b1455a4e8521e4c5c3f44857df1543da4169421a989083f0e388ecbe83e97dbfc2d3a3d3cdbddd17edcac6fb14b885677e58ea59ed672eab4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_F0096780D2F963E9AD492E034FE7CCEB

Filesize
471B

MD5
c4c4e55984c024d1a121a134fa87c6de

SHA1
e3c3f8f0357e870b0557ef54b8689146d2fbf189

SHA256
5f111796c0f2147cebf76f5d3ca3ce640e0787d772a1b3fa195d631d5e8208d6

SHA512
98642427b2d19bfa3863a1d76fc151feff1ed9fc906552eb5fc6dc069d30c4143185f8dd36e2a9da681f1f658c7dac94514d2ec3db51f61cdc181cc13259ec22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
434B

MD5
44efe712ed69ebc18f2979ab1e2b6faf

SHA1
d2353cf1104fcf144722e7c10c0ae48751d42635

SHA256
3d4b640fb66763076c57f3e9a2533f0c05c21be5c06236ef8680519eb5485384

SHA512
db2858c06022f96801c1c61266b1a8868bac645623ba1fd40eb2635a7ca1be8283da22bdb512d33b4e2e2ad628e272d3fe4ded7134b87dba0460fed65bdd3d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
3213a76b3b2838b3c650540f22f86ade

SHA1
6890616961efa329aef51e73d87ced65a8a8d5fb

SHA256
66134e3cfc1a85bc756c35c517b5e2581c742452b7a05f8a518e219fa6ad4463

SHA512
9c7fef754baa083e2073aee680238d99987329a43febf22eae251c7e7b2781cffeb349c3cf176fc662f7a46058a10094c504c5341952aa57da04d50e4971d751

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
4c25cfab4e8bd4299f1b66487fd87305

SHA1
354272f7edf2db23f25a491e4bc5c02a0c483857

SHA256
2ec1a814824a58b7ba3a6b11d14a6af4ccf20409a9995779a4fed32fd056622a

SHA512
71dbf6722da42d9025e782d1c90c4787cb4e503799dc55379ea4de4254a007055beb663a6291386fabccd7c328775a74ec4e1a5a7adeedb8d6264942b569c9af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_F0096780D2F963E9AD492E034FE7CCEB

Filesize
426B

MD5
9440ad1df246c8058d0c3898520b8d94

SHA1
a6ff0ce1e93894f302ca5abc1b6248ec9d5b6855

SHA256
eb172d5af5e557e4aee563a5d04098af47b423a8d9bc2372e34e09795dc47084

SHA512
78d0eabef367c5fc0e90850a7922609271b25003fdbcc1c6a1f12a1cc395bec9b65a051eef33d713e6beab39e2176cea435c9aa357d151b4c22e9f54c41ccc06

Download Submit
C:\Users\Admin\AppData\Local\Temp\46b06b0b-9720-49f8-82ec-ee44f251d2e7.tmp

Filesize
856KB

MD5
04398d23bf4733785de3a5ca05ad80c5

SHA1
72b193836a47aa3f0b7182de92a6a3f6f862131e

SHA256
a89ea036242d4e3345ad54ea9bcdb5c73ee5b78fa320996398bab4ae46cb578e

SHA512
1e7ba8e738c16af9267e7f9da427c23f2159214839d6e59bff66228375e9c7aea0f86c1ebd352cae248fd8508f762c1e81dd680e27cf7c1b5bd8084ab383148a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c2f158b-1e7b-4881-a5be-dfeb85925f45.tmp

Filesize
377KB

MD5
797684f924e5887fd19bf3e3db752b77

SHA1
e19a6086c2e87eac03c802737f40e7ff842fa44f

SHA256
1dc3edd13c8c702426d614addf5ef1b5380cb78b7bff7886943c21c354cada0a

SHA512
bddf7202395db21d5dceb3f91338dab3f85586abff64ce78ab7df369b8b17b5fc337f2318822701c652383f7cb009da2a1e931f15676cdf1f9b3011b815625eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\730b6713-18e4-4c1d-bf62-d75151d1f52c.tmp

Filesize
1.2MB

MD5
7a3bc6142be9b7c9664464759974c08b

SHA1
7055fe5cf3e31a24687c3fcbc06394eaf097c6ae

SHA256
446839b455f486943d42e46c8230b6b00d59943de94449fc418ee626aba4dbef

SHA512
c881916068cfbd73425e1a6662d1049f02b8f1ed34b8546a9555d43b2b05ac3507e94f996435123a7694a2f2ddc4ef9f97d839b9a9584ae3ebca37f1b45d63cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wave\SWUpdaterSetup.exe

Filesize
797KB

MD5
d083a07a3dca2d0ea5ddb0e959fb8ff4

SHA1
86f3f43729db553d45b728b1409b73d3de5a5915

SHA256
05e1c6babb787f24d8a60f8ded2c216c9bc2956970d75073a71139fe168a122f

SHA512
d16259a1fcb29def140e9e1768b99d973b434c97bf7b09bd0d223143a622ee720d2531a84dd4edf082300fb5f4f00812e418c0131b196375821e612bf34f7aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\dde68b6b-8f0a-4ba8-a5b2-892067a1a461.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\gui8EDE.tmp

Filesize
1KB

MD5
d84489371a9426dca0cb2e83daf6bf0b

SHA1
be3e8c9c84d469d2bae344f8c6f8ee484812d6ba

SHA256
5e1cede4ea5c266fd4ecbd3feb9f6b7a518705c7af061caea58b71e4833caf3b

SHA512
50abee7939bfff66986da51b890a80018551f9a91286dd30b3ceebaa6f327bd2e4f66ac5ec6dc9378d001a5a637a69f4f1325d22b19fc0c89c0f573b54fa0f49

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf919E.tmp\setup.exe

Filesize
3.7MB

MD5
d6b98af80e3195aaf34a2ee9c8934419

SHA1
1d7edeb2f2182cc46de5475114d6f250ac36c2f6

SHA256
08fcffbf9f6b2a76c51daa787d590c9eb02602c8671952641719ac68e5f4440c

SHA512
d6442cf595dc9c8fc6eba3ade22e770775e28c32c68624da5b4df76400d82b87c59b50ce8cec8f36aa1109012b3b21b4312e403bef000d136e0bf24df8d6efc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3512_1073224755\Sync Data\LevelDB\LOG.old

Filesize
326B

MD5
ce6450964217ad2241069f06f16e706f

SHA1
a8d64f3e544ef184feb9df604e9d47dd29a39ce3

SHA256
5aa08af186f8ef69c2cfc1001ac977fbfba77c7f971b72526786807655da16ed

SHA512
ee70424dbeab3996cb7f96defbebfded045760ed242649862b5d2adb9a9c61bbe7a5212ed73d81e65408a5bd1cbca0576afe025e73e8ace16df880c6e2b56cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_1071659247\CRX_INSTALL\css\fb.css

Filesize
40B

MD5
c862cbbc1b82064465f98482ef73948b

SHA1
0e49a12b9d1fd903e0c44cfe9c9db0ae7a5b50fc

SHA256
988dfba4289e28ef42d0ce93bae58926ae7a9528de7bdf97898d1c2cd2f2016c

SHA512
12befd2966f25464dd21377d89b5d3c9b8fd9abaa8f257fe88bd1d80759fc5375439e6160f99dff7ec7a61135d9616992b611b63d1a6e094fe2eb29e23420559

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_1071659247\CRX_INSTALL\js\cs\fb.js

Filesize
3KB

MD5
35a10dd7924dc7a4205fb3807812896b

SHA1
53583f9a14b35a9529614f7cb8c2f26a3a2a31a4

SHA256
43cdb582f3881db7584ba1cab29ca88c74bf51819033ea88a02b0614e398ee8d

SHA512
a7220a4c8cf583c334d78c108b7da9402a79eb2c57c428c5f740f8b2c6c19ac1c761da8d57074f2b9cfb063da84410f6558a8b61f978d536d9ac48428448a681

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_1071659247\CRX_INSTALL\js\cs\lp.js

Filesize
3KB

MD5
b6ddadfa381c9d9297812d2dca3d92bc

SHA1
9f83febb785d4c87730164f7cf020d036e0e11f2

SHA256
6b2d97ac7dff812bbb826852feb506a4a300b7876fd6985e6b8a16ad710efe89

SHA512
d89a308fc1b9b6ba055e88ac91a830169547c8aea734a773762767fe4c6a76033a8d3f20b8e82c094239d25c8e2f17e4c9b1bcd083d294db368aa28f2cfe85f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_1071659247\CRX_INSTALL\js\cs\native.js

Filesize
1KB

MD5
8307716154566dd5d4b7f87f7e536824

SHA1
5b746f1c97a036b190d4cf1db76760902ae1ed87

SHA256
a7e44db42aa52a276edb6a2dea7dae1a8d1f683ae67d0179b5930271e3138d12

SHA512
8dcd2e9dea6c147a4c9578b42fd1613a55e790d3a6ddf98809f123cb06270784b0c0e3ae27bf2957e6066fd8bd831cc09777270e2bb8f6f7c144721f95e3c5fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_1071659247\CRX_INSTALL\js\cs\yt.js

Filesize
1KB

MD5
8e84151e901f61a135d941979efd8ff9

SHA1
52841c4272dc039438ce59943489367d1f2e4482

SHA256
738e199707a5027486e17e9bfbd50a1dd295d2d6d5c48ccac17fecaec91b70a1

SHA512
c2e2c027d3655bd549ec59d75cbe307c8e6b66838c72949b965ce2c7ac3c730ffb873a948cc055f6727964cf048d403262e8262c6c6559410ae682e2963c013e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_1191912908\CRX_INSTALL\_locales\en\messages.json

Filesize
162B

MD5
bf28ef9468e4e1cbc5f3e055adfa69e5

SHA1
d5cff2ec3851f3fff649d688919f9f4f8511420e

SHA256
0e86dc475bac19122a3134a18cf8af26b83831df3346bcf5093739ca2891b4b3

SHA512
7b37e27f56b8ef1aeec6f25bbe7336ad0bec837af4390e47932adc67c9ed873c6b7cb5d643b39d0b6f383d79c7ee0ab8aa39e70f894ce8f2b90a884d1325c3f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4116_265787722\CRX_INSTALL\assets\index.ts-loader-13a0f470.js

Filesize
341B

MD5
37ba3a70722df270b2f69dd60db8f1dc

SHA1
8c61f83d7e13b5efed2335a14bdfce2463fbaa9f

SHA256
13a0f470c87bf4ac0613fe1c0fd3fbedd5ce1606cb2d491fb93b3cb5bb2e2d75

SHA512
75d1e0556a2ecc24cc3a06619b1894973d391fe089c59bd33033286de99799968cc2137b0c0099d3cc63545ef317ec82cf3534a2739c909644bb01137401d10e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e1ba9ef358330a0e23211aa840b37ef1

SHA1
b0660434d2391b128db3fc5ff42b92ff192c09f1

SHA256
04bb035bea29794a664b42d2bf1816767c219092257cbc48db37c83ab7d239ea

SHA512
701c9762c81a3ac002681a5749d3267cd34a1e53b7a68fc98bdff98ae3df83da220083e1c538be42ce24ef9a78c8093b33c3a77e970ff804e3e45026a8ce627b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Cache\Cache_Data\f_000020

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3cf6f9f0c5451feaf80a3b4e15af6043

SHA1
05a77a76cec9feed1426ab692278bca0320e7203

SHA256
76cb69b076cb6795a70b25cf33f94e5c8b199ca762a2c13c98eb6558464bb259

SHA512
06bfe89f1f162dc0478b14560de3385e6944868034eaf864f5db4b4cba0e8ac8c58915cc740085659a028a9dcc60e15f2a6468bcfd9b1cde7e54e4c276a65895

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d643bf8656109ceae0d7bb68f6780006

SHA1
cae789c0c82b8df83efd691b38c343255673befe

SHA256
7080f5946e4b897688506b536653db3cecdafbaac6cdc7afc52aa87b4ddd9d7e

SHA512
b6aaee2e414a635bc66472fa7bc06063bc53cdc9082351f014ee1e2be3348356f558fca71969446cc9ce6dcbc77e6bacc62a9d1c8ea302949bff3210d435d295

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7ac15a98dca5775bff2164c952471cc9

SHA1
94b13b01e18669a6b5f595c331b382ad29eebaaf

SHA256
3f741148af5aba2541c9bd9fe8cca2e329c68408e227459cc4ad6c3b4a032e47

SHA512
2382abf6f115be8e59454e0e59591bd2162d99ec8bd7401b56d55d3f432d0306b331c2324f414db33ee64760391f7b521830e9ac5393d17daa656188236ff955

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RF54a6e.TMP

Filesize
48B

MD5
0ba1b81358e2b7d721ed8a87ca1b96b1

SHA1
d90af9531f7597213fb5dbef13f798aa911a2fcf

SHA256
91798e3ba3f51dcc0f2a7ebaf020435afcceca76d0b4b4c59352211a7305c7fb

SHA512
5c96d5243dc35c6ffaabb37967de1bacb986f20a1d87aac4c605e8c948dae8e4ca025b549c7e4a1dfe4e1d1b224672c59a297cc0c1bce686d07cf65b567ea760

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\assets\index.ts-5c6f3b83.js

Filesize
56KB

MD5
52ebda260d370e60901faff13e8c9828

SHA1
4681cb8093a4159560a8103dc32787ffd55bfa29

SHA256
8146421645c3f1f6af4e87a3fb22107220ae417717d7613bb291a0fd330f8437

SHA512
283e4308b2e9a93d3871853a0cd17519b39fcb29fd3e1457af8897d9bf12ff5e3430164c63f4164768ecf936e4cd2c48b8b86037d872a9e3c9bec29a9f91a5a0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\assets\index.ts-7d59b331.js

Filesize
16KB

MD5
64fa826b6b9bfa910fed4a18c6a12c9f

SHA1
265f312f8187d56522441f869714b9d76229bbeb

SHA256
676f44312864a5e6e41bb8b70412ac265b6a293b791679be10049c17fc62d4f8

SHA512
32b7d2a64ace406caec91994f6eef6551fe982876e5ff3a5d694929e0fbed4bcd2c7c53b879ff5a32ada0ebd35672e50db30a0a17f39abcac34a1cd13a61abfb

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\assets\messages-86fb7e29.js

Filesize
21KB

MD5
6d62c5de88a2381b5627e0d2df7b9a30

SHA1
08c76dfb73e09780b0b3f98e5da414494904417e

SHA256
068f97ff81dc092e4d201f575a2d330a0f5830e847edc6e0e80f8a97684ba75f

SHA512
a193d284bc5c017353e8ce1a51f2449e2e58f0f35fbfbe8173f812bfaa91840f2cdede70897c64d271601f8836ef4f694dc099c2271c18b448b9892e5043e291

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
d1b209dd9c422ea50135dc2bb716d238

SHA1
fc13c64e6b1ccb9561e8ee0378dd1418b39e401e

SHA256
14abbebee800bc6e73c8302fb892faf2c9ab6df5ac2a8eae66caf583915b7d0b

SHA512
f9641b3f7bf52d4dd9f3e223e220a97924ab8fef6d472924f30b15c91414df9d72ec4de00ffbfe9b17c06d8398cfdbe80095b1da06c3b0683ed6a751cc0f8c8b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\service-worker-loader.js

Filesize
40B

MD5
b48149d66d4bde2196c003629e79ae5a

SHA1
276944b5796793effe150b05d0e9a8c9af89bfde

SHA256
22002a97ade52f1ede27d832dceab496337b59a6b6e51699d4fa231502fc9f5a

SHA512
89edbd1c24a13c6516cef4d23421bfbaa61a7ab37662e393fc27c4a21c94b02a71d348b55f6f2aba66b6cac7cc2f0894487241664672bdd92f113a07984c7555

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\icons\icon-128.png

Filesize
3KB

MD5
af719a0c95789b088fe4b9f82dd5ee98

SHA1
cca49d2a728cd456b450cfcc20f91acf781c3105

SHA256
5b861963c613fca1dc4aac9a416e43b2165b05a4277478f74b7f6562a378ff5f

SHA512
4a6f77684b3bc459897ab2709754849868bac64f4e099c1e74970339c944738278454d6c043ee8a2a0337e9891e7e7126bfc41e6fb0f5fac544b978ae36f5082

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\icons\icon-16.png

Filesize
425B

MD5
46c4711e8452178b9c2471f9c59c2667

SHA1
e020f7ba4a787f840d204525e8eeb21d0c21e2be

SHA256
4e1aed06fc4105c64aabe9580069d0cdeec3464a693241e7c02771e1beda860f

SHA512
42f2161205f28003aff9ea4a8bb33a0a0ebbdbb9bb5e9446efbca4f000a4315b2bf7184d79254c148da40597cc15bf8f22a02a3da78cf5c9026ae35e4bd695bd

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\icons\icon-32.png

Filesize
764B

MD5
9caefef512720012470700a11b0bd456

SHA1
bfc11bafa996fbbce1566a569a79d5d72b08f1e5

SHA256
82c0a843e1df5cc10a8c6beabee8416281aa89c73798d7bb6a2cf4a237a24ae0

SHA512
3bb42b23babd54cb902e595b84a398ad5b2c9bd2e4bd4951a8b0cdfdbf91f6d0e04bb1fa944c54d673babdbcf0400c1947d0e12fba8057c3f69ab1e61b89aea1

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\icons\icon-48.png

Filesize
1KB

MD5
2184400582c25500a74577359a1f7e7b

SHA1
e69eecf84f7d2d98bf236edbcfc143fa42d01bc3

SHA256
c6c3593c7d0af5c9a7f2e26b98ef2629e392c5da87df80653d94ebe412d5c9c0

SHA512
24858ebec11fc0bb586eb2d6f555f5e798ec9708ad89b0a94957a1537dc150a584b70865d7fed53d3f122789812d390eb6af6b68ff4cd93296b2b0e5a21b103f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\images\adblocker-bg-1.png

Filesize
16KB

MD5
404ead15b3040c2a16cada6a18088aab

SHA1
57d6d1b3d601532d1825c738ee51d0971f137af8

SHA256
bd474396ecae2864798b9b33062afe3b599dc834db30b6a2f4cff0d0cbb9f9b8

SHA512
12173b41f487987aceac82c13f63b1318107c48d6803dc1f89053245c1c08d092761399ab397da44f0ccca5d9ee3c79ab98081cbdb25a78ab5b97f0b52a4f784

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\images\weather-bg-1.png

Filesize
68KB

MD5
8f158754f161c02baf061d230c993455

SHA1
41b21d1c3e2aa029ecc77dd6aa5b174d0eab34bf

SHA256
0055b3b2ca2078823b01d4cf064d4ebfac5cbce03fa38c8b5e920b92b3b47f6e

SHA512
8e417897690aa540ffde4ecc541a7a0a7071f355b6b663601647e6099f67310f540a40b12f6c0a2984965123d9ff3ac9e78f0be7b4abe2d6bc9ae941fd869106

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\images\[email protected]

Filesize
234KB

MD5
d336d499edc3d7205948e09647ab5826

SHA1
797b756310da1f67d3df61c821377992a305cb6f

SHA256
63f3d2622f4927d830412c8b089dfbdc77dbb880f9c49f072c6c8dc0b3cdbd00

SHA512
fc0d6b3c8ae83f3db7c5f9ed4a999b090b2a1e8fd80f4b91ce1a42f804cf8c8c49d03dc0f362617c0df130a7b607b5ffe36fdc0edfa5f4a18b308a4a66ca8472

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\images\weather-qr-1.png

Filesize
5KB

MD5
5cdc09bfeb0cc136c4b8e45114c8b910

SHA1
9d15f710e94409fc854c30630d70c66959871410

SHA256
70697bb3558c12efe9b34ca34b05ff39dadae04df9e4928e0de6811b3efb3a99

SHA512
29b8d495506291d46554e0a3951cdcd6fcd5f3c43fb52ac15c4bc13180d88fe91495c616c3e12a2c7edb7a2d64f90c391faa539199ba7532c45fcb827270e131

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\Temp\scoped_dir4116_1480350915\CRX_INSTALL\src\assets\images\[email protected]

Filesize
6KB

MD5
e86f7685206ae12b271a4c50620f1f81

SHA1
b5a96bdd23787dc994406c408c8db08cccffa646

SHA256
28cb433c90e6ca9cfa6aaeb6ec60ee2c98d02a255d671c7c47689f9799cdd14f

SHA512
fa2fb8ca2050b13193898a48da639673e706b156b666e8159b6a71d417aca7490c4faa8953776fded46226c7ac0b6465c44729cb452fd93fc961ca2bcbaedbba

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\hbgjioklmpbdmemlmbkfckopochbgjpl\1.0.0_0\preferences_schema.json

Filesize
7KB

MD5
a192304f63ef26c80086f835cc4b7ada

SHA1
6963e90e752209132b728a938844c4c64dc94d43

SHA256
4f72309f9378f04b3f1cb8f46b031ff513ac63e5056d96272f2bdc6d39dcddf9

SHA512
be619909cd0c3465966a4018847310c1493bfdecad6f07bb28293f3dcea73dc377f5d52cca040d626368e17828eae28384fe51d20c4a71925c5f31eea8e18561

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon.png

Filesize
2KB

MD5
fd727c2aaa8b364faab1828aae2250fc

SHA1
bca5b2548b009ccd0b2f79c09fd628fb3119231e

SHA256
1a32dcbadab7c91a690879b5425f6815c07dda1aadb6f6a7942b9e895cdecd0f

SHA512
7d21b3133beea16a8713ab8a87ac7b84d8b2a312e4f017a9988e970f7281b9c41dec3f909d5483bba387e5ede366e80c210da93a78ed72b108f65934eef07c15

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Extensions\mccchmdkmjpgjlhckmbinjaioihkcnkc\1.0.8_0\images\x48\icon_a.png

Filesize
2KB

MD5
c05285aad074c0872dd78908176b1052

SHA1
b8a5926d153dfbc503a38a749baf9099903c289f

SHA256
9a4a7e0c2969562d5d1299f80317d4560265b4a843cf17491c7d36fa74a91cc1

SHA512
6006b22ff83d0afdc346179a4c2dbbf927efcc62fcf9105fb45efd768bdba62af5839c3efb21e2555e0090639ab2dca76397d294b51db0dca768def53ce00a1a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Google Profile.ico

Filesize
173KB

MD5
f3d32d9918947cd0ee98a95e6782ea0c

SHA1
7d352e9a4799b5a180e11eaae4a7ef1a6ae51d2a

SHA256
33845d8a8dfe591b8eed4b27f2c47dc856b11d86c6bfec08074662c559ed4d01

SHA512
e4818c7e56b2a7f28610f14f738fe92018528517182e5cfa2e17750796bbdecdc2bca3af71afaad2e27a19a17e487fc321e8e20c286268dfb7a126135817804d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\IndexedDB\chrome-extension_gbohaofhodnpniflcnancekmknlomeck_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c447274aef8cbe289cf42e626d660693

SHA1
5f9853100d4d0d3bb191b44b2c1f574823a9fd24

SHA256
7021619b2e8e9d263ef80cc0a5411f5a4af03095c213f928a7f746f39548ae67

SHA512
377c70d9518ff11f017a36cf6b67850342a79c682bde7f7c9e2e58cf7913785d16c28ec199c238ac6631778d2d02d9de49a6f0c8f1c186cc1f03bea1f6adf376

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
f699bf598cadae5f30ba4940e2650219

SHA1
97198f6c5e7708203b124419466a87cf4387382d

SHA256
0ae4963df2de6a8e65f72d4b911929f0b0d23335fd4f85df8e3d46195ea7f1ed

SHA512
b224b7487c344963e5b09d87a858e601773274d7826901c032ee2d5fe214774b6d49cebe1af0a5a6d531fce7315bbdbfb270e41f7e35154c69819d77c3ae2efb

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\Network Persistent State~RF5e0a3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a04d89b325793c2732089d9a27874aad

SHA1
880309c8da8e2e7bac71751e3fa5c56eaed4ce0f

SHA256
4037ca13d73efce8c3573413dc755e68d815bd67134b190aac111cf787a4012a

SHA512
4afd193bdc01869c57e6d224dd84f34127a568a0939497a2d05755a9b62a8a1f3e5ae42000c3dddddaf41afd474fdcd7fe4721b2c19600941b3087740784bc6d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8208cf28e10369b3761854fac54cdf80

SHA1
b5b32f03566bcbf7c707e86d51017c0cf9896055

SHA256
62e01408900afaa995a24e28d17dbef3a265a60041a6a9b07f1eb7cf2e577b0d

SHA512
c8da5eb301176e579411a91b93e015be82ae7cad123b2492be87570605de7e2774363c0277ebcd7a292ffb51de185291c31ff559005534b1abd4a541cb393793

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f8068feb1d3fe56262fcfe0e6dc8e13

SHA1
fcd5e5702544d6c89842a2e055d480568394ee36

SHA256
815554f9204e650dba6bc25030bebb735786a253c6b81c153789ad127665e4f5

SHA512
dc14e41a423b741296ef63c26c5fcf7bda52e8bb9bbff21bce10070e2a33b0627dfb843d2dc56324dafb7813b0a2f831836633eb395ac078982056f412873e0a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e308e175abfca0abf4ede46cc9a083a

SHA1
a315fa379d789fc0b9c3edb9451517a08d9f5640

SHA256
8fd14612caa0f993d72e53bf2666e74c34ca493f0f3a5456aee04613313e1d15

SHA512
8b63aec9c3009cb2b983dbecaf7dcfd5d05c0ad75c93f9c7f9f37f51f2446229ed34b5e11c595f71de1090329947f13722d6f408cb0c054747b4f398163211ff

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Network\TransportSecurity~RF51ee9.TMP

Filesize
1KB

MD5
defe606a29e107044b954b71e4b88b38

SHA1
cc4e44435c6ef520ab453eaa92772ee1d1fcb38f

SHA256
01913d56f456cb1da61d977c2408facb014f0ff691c42d0bc85817f7a2e0efd0

SHA512
a1026a6cf47a545732ec7d52fb1f52e72a7f0c2a1f2b7ddb51df8786fb8ece4e3f8461e92ccfcf667c4ead871ae91e8074bb717df41d0fbd8f20217b3baf1c4a

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
98ed83b7b853ab0c93a350d8768e184b

SHA1
95e0a75f0233977c5cc9a5b13847778077a6e97a

SHA256
9b67d63f1fe45c952ab57eb30680f2318a6343234cc06acda88f1d816a5d3a5d

SHA512
682d96505a6922691d3fb214a66a2ffbb2375023acdd46b8645ddcabbbef5b1e77f7ab8d14f7105a17781c3a499755a3f039870d78a2c718ff00f080e1b84246

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
7be9ab369f0d4903963d7bebe5be094c

SHA1
27adb6d8b8beb0c987f073ef3ce340a2642e048e

SHA256
d8536ca9c12ec92fed074888208c9dffb9b12f545eeaefc43050adc2b347468b

SHA512
76fe8270c68f4ca1478ad01f4c1a826af0091c57453c03dfe52e059f29d51606867e7299adfcc238e72304ef546bea0b06345b6712678754c79c42a80d9a3574

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
15KB

MD5
d84fd4e1128ba18a20af04f474c53ab9

SHA1
3f46a0ba561733987b1070afa6e2828ef2d1708d

SHA256
7c3d9bfc4af6038df43bc80b314862ae12547a28ac764a8ea3154f5d3fc0eaf8

SHA512
76c6f5023c044ebec060c5d0599e9cb16bac75dc7342d83a7951bce6d0c6a4851167acbd2f4338a3e81c86f72d5b891c1ff9ee04e1dd5a569895b79474ad5980

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
bad8c05fb7cc6dad889dcb28c7d1f630

SHA1
35f0c46e619409456e1d3538788a2595d41db625

SHA256
b8e999518560a4083415b67a3bb3e51b19d43b659d4d139f1f1dc19890a761aa

SHA512
cdb95e405ebd2a896580d5398253299a4166a3387bd4a95883449e0504be9ad3d0236e02266e07493a6c6bc92c66bfe678d4dfc8f69d26b2ea6152152d9ab534

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Preferences~RF4f374.TMP

Filesize
4KB

MD5
d019bbe24ce71eed45643185cbccfeb3

SHA1
deaa939a6c2bea6589542294725437599c1fe44a

SHA256
c666606c585f173d719d9cc1ec8304be3f5fc3f8a468c6e65cbf8c55d1bc3436

SHA512
1695f73dfbb019d95e8800f2f9eed1c8f0104c384e88519bae100da0977d3042d9e48e44e6334f23943fcb2b4c220d1640066b69521958094a8595812d0e64a3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
35KB

MD5
d85b90964d947ec52b79f6a0947891ff

SHA1
968980126ed95ea32cf847c8c5ed71eb820dcae7

SHA256
2048c4a513661b21f52e0ea4e05a6abd41563adbc06177751e4f27ece679fbcf

SHA512
a3fde768c921a381127bacf20fc6c751c46672a26c2b967219ff27e3094bdac28700f238e01fd2e98222f70bf78f0ff9f47b217c1aaf5e15924b576a065e24f3

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
ea66a3b46487f5ecf9f93dd71f42cfbd

SHA1
42299fd490d44f3ebd9a4ad34b7c714fc7d4c136

SHA256
02549717a739ff71377173b15e526852ae7d8fb7d0f4cf2de9410359bf923bb6

SHA512
b974fd0d71e337f597616733b28fa3ae7bfc25027716c68f8dae4b6c969ba7c771c9c600b270b66057cbcec499b0673c8f4e15c0632ac467401bd78ba95937fa

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF54a3f.TMP

Filesize
48B

MD5
afbb0e82a6aad8f32ab13d32c40611c0

SHA1
4e2fb3bd8dd36ee93cdddd4d34b7c663393389dc

SHA256
e3487a476cf8fa9ecd1b781a44c32e38109351806a5f7e3318c85ef4eec6c205

SHA512
b727ea471eafb462092ccd334f072933a1b2834ed83e41fce5686d94a6c0cfb74bb3a249115de9bf118a9e123944aa5e855fe9eb3b6210df2fc5f1a16b36c2f5

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\dc5d8978-8247-43cc-b8f1-e1f8585ad853.tmp

Filesize
45KB

MD5
b0267a9f8fe179c0687893564961950c

SHA1
391fd7cc2328a06c01a62518a9c3e1792bf83c8a

SHA256
c776c4757f1c8721d8e3978e2d5436a7e6c01869c353bd7506c96bc2c2ee0632

SHA512
4677286906379cd3d642a7ccf86c84b5fa545899faa9d4d3576cd2a2b435ad5e25df6f2abb42fd8c998932c60a197b7d84cffc4362b798a0341f74b55cfe548b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

Filesize
10KB

MD5
649452daa1f3ead3ccaa9ddb99a0d208

SHA1
05544dcaceae5390e25cacd7e44b4d14665fc256

SHA256
d2d0271a46f3e3f90e1b8aac1a53ac51547c48a03ace539c7e19f4d4daf21000

SHA512
58c541b84f743b7fee91e1975f263efa0706e7a33582eb4958a9b893eafe59283437110729f68f678b29d8d5c021f145d9d6238bb0f88b6992192e590857fddb

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

Filesize
7KB

MD5
ff97393f5c4dbac69cbb8cc846eccd9d

SHA1
a550dd16af280bceff4a81fcc948204a47316101

SHA256
922db2f017aa1b6df277e30146115800378f95df95c3409702f59bc6791d71ac

SHA512
d3c9dddc9f971958e3704ca7ab1e4123a66e37b5127bd7ed5450df8484b46b3a9c547f2b081dc0e24ee6bda6fb3db301938b22198f4f57c008ca9fcf652ca32f

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State

Filesize
7KB

MD5
58833b34efd8dc6f39033e6e812b0529

SHA1
d6c512cc936d8200e5b174b73441d95daf83c88b

SHA256
0e125220e27aac78468bb3cb592e65c081149eb0ac97267c3e4f5ca06167d21a

SHA512
d54c574218583a2b76155e82a401bc727e902edb0e7f9e95f0d4275c8795d1dc842193bba8268b4ae3fb58e2296741a36006e998afae4cf424967c4a2376c0be

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\Local State~RF4f336.TMP

Filesize
3KB

MD5
21e4ed2e59ad49891c51e2338a2dbbfd

SHA1
ed62a34f364e2e7b0de63af93532b75c9894a1d0

SHA256
437d6925f5ce1120f2b34bb4052ece183a3235cbdeb56220a1506dd18f96b24c

SHA512
fddf7facc6566775c25bbbf01eb551466ef622f98793a57ff6d7605d8403ff6c270dd1b387fedc385048846bde95e6fae90d739225624ef53ed113a069bd577d

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\SafetyTips\3040\safety_tips.pb

Filesize
155KB

MD5
d4e402e00f327259e81ed232857aace6

SHA1
93cf4f24a3ac47e1f2241366680dfa43e14fa564

SHA256
24d8271218b28f8db148df2bb5efb4038cfdc09ab379f6b6ecd8658ce6531391

SHA512
d2a68d587279685eadca2efd3f2fb6d31d1db30c0c20d91f536b247fa6a00a68957c06e82828b4410f5dbb954a02863a70f7b3378855fe4694fa62b71d456a21

Download Submit
C:\Users\Admin\AppData\Local\WaveBrowser\User Data\ZxcvbnData\3\ranked_dicts

Filesize
865KB

MD5
959460a18173908111523bbf4c39073e

SHA1
c42a9a7042f6d87a6a9de7f9bf378f1fe9485fcc

SHA256
5820d0bf9cfc363ff929492b1eb6df430039f4ac0e212a5b5411f7c2614f79d0

SHA512
291decc0f58cf71d7929a52d2c21a07590c02bcd202b73fb20391d6d0c7dcbe3aec24e02606f22dbd589ee2546a0eb8414c232f74ec646a1f26496c280705600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk

Filesize
2KB

MD5
85bbcacd013638b5e9eb6559b0c41167

SHA1
fc53a99e3b330462f7740924670c9432a29d3095

SHA256
a756a16e7b6a21dd8c7d2634cd27d68e19298bd410f7161a1b49ba6a6375fe80

SHA512
5bed552b4b2098f40028063a53d827b709064073af2284be387d3cbc53a023ab3c281336a865feb8e050fc24eb088c9f040afc71857fdaa7a5673531d4542d14

Download Submit
C:\Users\Admin\Wavesor Software\WaveBrowser\initial_preferences

Filesize
3KB

MD5
acce8acf1c639f18637787a5ac571c7e

SHA1
6eb08afc832bcf5c75c64e58533e02e3300d65b4

SHA256
fcc255ccc6ab033e0bd84190240e2ada503d2e557043f8e7c29997f0be3330eb

SHA512
1591de6b015334a7040dfb6b8d828cd03ab43238671cad92dad0b16a8e7f4e17129d3857c3e3c0ddda333dd39d2f4c364799fda0898e522e20472b532a93976b

Download Submit
C:\Users\Admin\Wavesor Software\WaveBrowser\master_preferences

Filesize
1KB

MD5
6dba40f63a025144e33d1fd731b454db

SHA1
5bf7897d9a221be81d73ff8700912963fd802969

SHA256
0c0edbfdcd3ea38eadc0ad6daff3c80c7eeb29d0ced87bda64fc29d303d4e3f5

SHA512
23a9eae53a755497a00964b377afbcf06749f0d6bf2b61c6899737c1f926d7e34539611500fd02bb88fca7164529d64709f703212c3dc4e25829fb17dca981d5

Download Submit
C:\Users\Admin\Wavesor Software\WaveBrowser\wavebrowser.exe

Filesize
2.8MB

MD5
564d4afadf3d9a9d041a0d70689b024b

SHA1
a3c4fa191b2a4f9f825f60dd616c4a6eb55336b9

SHA256
76443abc7b21d4f473eec95965686a7fd63cdcd15b9fab91f6f155edd73b7173

SHA512
09a60b4bb5f7b6b5c4eb4d0c2855bd44eb8fcd32beb42223d0e29901531b4261735af8860010d2f8348645053e74b271b6168ed0c520b311fc6fa6ae31b15128

Download Submit
\??\PIPE\wkssvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/864-475-0x00000282017C0000-0x00000282017C1000-memory.dmp

Filesize
4KB

Download
memory/864-484-0x0000028201790000-0x00000282017BB000-memory.dmp

Filesize
172KB

Download
memory/1300-604-0x000002DE6F4C0000-0x000002DE6F4C1000-memory.dmp

Filesize
4KB

Download
memory/1300-648-0x000002DE6F490000-0x000002DE6F4BB000-memory.dmp

Filesize
172KB

Download
memory/1332-547-0x000001C50FB50000-0x000001C50FB51000-memory.dmp

Filesize
4KB

Download
memory/1332-640-0x000001C50FB20000-0x000001C50FB4B000-memory.dmp

Filesize
172KB

Download
memory/1784-408-0x0000018822BC0000-0x0000018822BC1000-memory.dmp

Filesize
4KB

Download
memory/1784-413-0x0000018821200000-0x000001882122B000-memory.dmp

Filesize
172KB

Download
memory/2332-6-0x000000001F3A0000-0x000000001F3D8000-memory.dmp

Filesize
224KB

Download
memory/2332-0-0x00007FF899563000-0x00007FF899565000-memory.dmp

Filesize
8KB

Download
memory/2332-1-0x0000000000FD0000-0x000000000110E000-memory.dmp

Filesize
1.2MB

Download
memory/2332-94-0x00007FF899563000-0x00007FF899565000-memory.dmp

Filesize
8KB

Download
memory/2332-9-0x0000000020D70000-0x0000000021298000-memory.dmp

Filesize
5.2MB

Download
memory/2332-118-0x00007FF899560000-0x00007FF89A021000-memory.dmp

Filesize
10.8MB

Download
memory/2332-7-0x000000001F370000-0x000000001F37E000-memory.dmp

Filesize
56KB

Download
memory/2332-411-0x00007FF899560000-0x00007FF89A021000-memory.dmp

Filesize
10.8MB

Download
memory/2332-8-0x00007FF899560000-0x00007FF89A021000-memory.dmp

Filesize
10.8MB

Download
memory/2332-2-0x00007FF899560000-0x00007FF89A021000-memory.dmp

Filesize
10.8MB

Download
memory/2332-3-0x00007FF899560000-0x00007FF89A021000-memory.dmp

Filesize
10.8MB

Download
memory/2332-4-0x00007FF899560000-0x00007FF89A021000-memory.dmp

Filesize
10.8MB

Download
memory/2332-5-0x000000001F320000-0x000000001F328000-memory.dmp

Filesize
32KB

Download
memory/2900-641-0x0000023B56700000-0x0000023B5672B000-memory.dmp

Filesize
172KB

Download
memory/2900-549-0x0000023B56730000-0x0000023B56731000-memory.dmp

Filesize
4KB

Download
memory/2948-551-0x000001AD16A50000-0x000001AD16A51000-memory.dmp

Filesize
4KB

Download
memory/2948-642-0x000001AD15110000-0x000001AD1513B000-memory.dmp

Filesize
172KB

Download
memory/3008-620-0x000001F238140000-0x000001F238141000-memory.dmp

Filesize
4KB

Download
memory/3008-649-0x000001F238110000-0x000001F23813B000-memory.dmp

Filesize
172KB

Download
memory/3600-650-0x00000227206C0000-0x00000227206EB000-memory.dmp

Filesize
172KB

Download
memory/3600-621-0x00000227206F0000-0x00000227206F1000-memory.dmp

Filesize
4KB

Download
memory/3604-517-0x000001AE81DF0000-0x000001AE81DF1000-memory.dmp

Filesize
4KB

Download
memory/3604-636-0x000001AE81DC0000-0x000001AE81DEB000-memory.dmp

Filesize
172KB

Download
memory/3808-643-0x000001E3B51A0000-0x000001E3B51CB000-memory.dmp

Filesize
172KB

Download
memory/3808-558-0x000001E3B51D0000-0x000001E3B51D1000-memory.dmp

Filesize
4KB

Download
memory/3984-631-0x000001A798670000-0x000001A798671000-memory.dmp

Filesize
4KB

Download
memory/3984-651-0x000001A798640000-0x000001A79866B000-memory.dmp

Filesize
172KB

Download
memory/5240-673-0x00000260985D0000-0x00000260985D1000-memory.dmp

Filesize
4KB

Download
memory/5296-566-0x00000222192E0000-0x00000222192E1000-memory.dmp

Filesize
4KB

Download
memory/5296-644-0x0000022217920000-0x000002221794B000-memory.dmp

Filesize
172KB

Download
memory/5384-638-0x000001789C540000-0x000001789C56B000-memory.dmp

Filesize
172KB

Download
memory/5384-532-0x000001789C570000-0x000001789C571000-memory.dmp

Filesize
4KB

Download
memory/5392-637-0x000002B801DC0000-0x000002B801DEB000-memory.dmp

Filesize
172KB

Download
memory/5392-524-0x000002B801DF0000-0x000002B801DF1000-memory.dmp

Filesize
4KB

Download
memory/5492-645-0x00000147B7680000-0x00000147B76AB000-memory.dmp

Filesize
172KB

Download
memory/5492-577-0x00000147B76B0000-0x00000147B76B1000-memory.dmp

Filesize
4KB

Download
memory/5512-639-0x000001DE603E0000-0x000001DE6040B000-memory.dmp

Filesize
172KB

Download
memory/5512-534-0x000001DE60410000-0x000001DE60411000-memory.dmp

Filesize
4KB

Download
memory/5784-584-0x0000025D084B0000-0x0000025D084B1000-memory.dmp

Filesize
4KB

Download
memory/5784-646-0x0000025D08250000-0x0000025D0827B000-memory.dmp

Filesize
172KB

Download
memory/5812-479-0x00000225C6760000-0x00000225C6761000-memory.dmp

Filesize
4KB

Download
memory/5812-485-0x00000225C6730000-0x00000225C675B000-memory.dmp

Filesize
172KB

Download
memory/5832-251-0x00007FF8B6790000-0x00007FF8B6791000-memory.dmp

Filesize
4KB

Download
memory/5832-252-0x0000027755E60000-0x0000027755E61000-memory.dmp

Filesize
4KB

Download
memory/6000-647-0x0000022C09430000-0x0000022C0945B000-memory.dmp

Filesize
172KB

Download
memory/6000-596-0x0000022C09460000-0x0000022C09461000-memory.dmp

Filesize
4KB

Download
memory/6132-477-0x000001855EB30000-0x000001855EB31000-memory.dmp

Filesize
4KB

Download
memory/6132-486-0x000001855D130000-0x000001855D15B000-memory.dmp

Filesize
172KB

Download