Analysis Overview
SHA256
a2951ed01ae0a4f869a99e547ab7144ee3e69ab9999bafa26f51e0d72beecaaa
Threat Level: Likely malicious
The file Archive.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Themida packer
Executes dropped EXE
Loads dropped DLL
Checks BIOS information in registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Detects Pyinstaller
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 16:40
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 16:37
Reported
2024-05-10 16:44
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
159s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\WaveTrial\Injector.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\WaveTrial\Injector.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\WaveTrial\Injector.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\WaveTrial\unpacked_Injector.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\WaveTrial\Injector.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\unlicense.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\unlicense.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\unlicense.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Archive.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\unlicense.exe
"C:\Users\Admin\Desktop\unlicense.exe" C:\Users\Admin\Desktop\WaveTrial\Injector.exe
C:\Users\Admin\Desktop\unlicense.exe
"C:\Users\Admin\Desktop\unlicense.exe" C:\Users\Admin\Desktop\WaveTrial\Injector.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\Desktop\WaveTrial\Injector.exe
"C:\Users\Admin\Desktop\WaveTrial\Injector.exe"
C:\Users\Admin\Desktop\WaveTrial\unpacked_Injector.exe
"C:\Users\Admin\Desktop\WaveTrial\unpacked_Injector.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.0.1511161151\143304918" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1596 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ea5c43-105f-4599-a439-896fc81b3363} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 1884 1496df0db58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.1.879567778\859442182" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff6d5f3-74d0-4692-9679-772857e6a673} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 2452 14961288758 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.2.1979148019\1373334784" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2856 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1b3a7e2-2c14-4805-a348-1fc825b0db7a} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 3024 1496cf91358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.3.1637186182\668588366" -childID 2 -isForBrowser -prefsHandle 3860 -prefMapHandle 3856 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e840b44-ddbc-4e69-9df7-fa190dc50437} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 3888 14973069258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.4.2115214031\1715919249" -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4846e56d-3ca4-42ff-9f8d-cec14eb96c8d} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 5184 1497071e258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.5.1854568197\461847341" -childID 4 -isForBrowser -prefsHandle 5348 -prefMapHandle 5356 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8585cc9a-4128-4903-9b70-926e1b7e0ccf} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 5340 14973548058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.6.118080861\1671227910" -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5532 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56c453bd-eb98-4eaa-adea-92b71c22987f} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 5580 14976084658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1580.7.173586275\169936959" -childID 6 -isForBrowser -prefsHandle 5744 -prefMapHandle 5756 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8a444a4-461f-492a-9350-eea03f2262a1} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" 5772 14977bac558 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:27015 | N/A | tcp |
| N/A | 127.0.0.1:5037 | N/A | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:59830 | N/A | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.250.164.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:59836 | N/A | tcp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.178.66.33:80 | gofile.io | tcp |
| US | 8.8.8.8:53 | gofile.io | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.178.66.33:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 33.66.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| US | 8.8.8.8:53 | store9.gofile.io | udp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| US | 8.8.8.8:53 | store1.gofile.io | udp |
| US | 206.168.190.239:443 | store9.gofile.io | tcp |
| US | 8.8.8.8:53 | store9.gofile.io | udp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| FR | 45.112.123.227:443 | store1.gofile.io | tcp |
| FR | 31.14.70.252:443 | store10.gofile.io | tcp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 8.8.8.8:53 | store1.gofile.io | udp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 8.8.8.8:53 | store1.gofile.io | udp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| US | 8.8.8.8:53 | store9.gofile.io | udp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| US | 8.8.8.8:53 | 252.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.190.168.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.10.175.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.191.168.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI50842\ucrtbase.dll
| MD5 | 6169dac91a2ab01314395d972fc48642 |
| SHA1 | a8d9df6020668e57b97c01c8fd155a65218018af |
| SHA256 | 293e867204c66f6ea557da9dfba34501c1b49fde6ba8ca36e8af064508707b4e |
| SHA512 | 5f42f268426069314c7e9a90ce9ca33e9cd8c1512dcd5cc38d33442aa24dd5c40fa806cc8a2f1c1189acae6a2e680b6e12fb8e79a3c73e38ae21a154be975199 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\python311.dll
| MD5 | 5a5dd7cad8028097842b0afef45bfbcf |
| SHA1 | e247a2e460687c607253949c52ae2801ff35dc4a |
| SHA256 | a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce |
| SHA512 | e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\VCRUNTIME140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\base_library.zip
| MD5 | 5327287d65cc9ab041ce96e93d3a6d53 |
| SHA1 | a57aa09afecf580c301f1a7702dbbb07327cf8a9 |
| SHA256 | 73cdfcec488b39e14993fb32a233de4bc841a394092fcac1deb6ee41e24720ea |
| SHA512 | 68fc996b4809a762b8d44323a5d023ba8a39580039c748bc310da9878c94fe1685709ab959365ecb26a5ee1a82e65f2eb19344f1f03d4dff48eb87a403a57c20 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_ctypes.pyd
| MD5 | bd36f7d64660d120c6fb98c8f536d369 |
| SHA1 | 6829c9ce6091cb2b085eb3d5469337ac4782f927 |
| SHA256 | ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902 |
| SHA512 | bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\python3.DLL
| MD5 | b711598fc3ed0fe4cf2c7f3e0877979e |
| SHA1 | 299c799e5d697834aa2447d8a313588ab5c5e433 |
| SHA256 | 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a |
| SHA512 | b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_bz2.pyd
| MD5 | 3859239ced9a45399b967ebce5a6ba23 |
| SHA1 | 6f8ff3df90ac833c1eb69208db462cda8ca3f8d6 |
| SHA256 | a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a |
| SHA512 | 030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_lzma.pyd
| MD5 | e5abc3a72996f8fde0bcf709e6577d9d |
| SHA1 | 15770bdcd06e171f0b868c803b8cf33a8581edd3 |
| SHA256 | 1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb |
| SHA512 | b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\pyexpat.pyd
| MD5 | 9c21a5540fc572f75901820cf97245ec |
| SHA1 | 09296f032a50de7b398018f28ee8086da915aebd |
| SHA256 | 2ff8cd82e7cc255e219e7734498d2dea0c65a5ab29dc8581240d40eb81246045 |
| SHA512 | 4217268db87eec2f0a14b5881edb3fdb8efe7ea27d6dcbee7602ca4997416c1130420f11167dac7e781553f3611409fa37650b7c2b2d09f19dc190b17b410ba5 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_socket.pyd
| MD5 | 1eea9568d6fdef29b9963783827f5867 |
| SHA1 | a17760365094966220661ad87e57efe09cd85b84 |
| SHA256 | 74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117 |
| SHA512 | d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\select.pyd
| MD5 | c97a587e19227d03a85e90a04d7937f6 |
| SHA1 | 463703cf1cac4e2297b442654fc6169b70cfb9bf |
| SHA256 | c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf |
| SHA512 | 97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_queue.pyd
| MD5 | f00133f7758627a15f2d98c034cf1657 |
| SHA1 | 2f5f54eda4634052f5be24c560154af6647eee05 |
| SHA256 | 35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659 |
| SHA512 | 1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_ssl.pyd
| MD5 | 208b0108172e59542260934a2e7cfa85 |
| SHA1 | 1d7ffb1b1754b97448eb41e686c0c79194d2ab3a |
| SHA256 | 5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69 |
| SHA512 | 41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\libcrypto-1_1.dll
| MD5 | e94733523bcd9a1fb6ac47e10a267287 |
| SHA1 | 94033b405386d04c75ffe6a424b9814b75c608ac |
| SHA256 | f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44 |
| SHA512 | 07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\libssl-1_1.dll
| MD5 | 25bde25d332383d1228b2e66a4cb9f3e |
| SHA1 | cd5b9c3dd6aab470d445e3956708a324e93a9160 |
| SHA256 | c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13 |
| SHA512 | ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_asyncio.pyd
| MD5 | 79f71c92c850b2d0f5e39128a59054f1 |
| SHA1 | a773e62fa5df1373f08feaa1fb8fa1b6d5246252 |
| SHA256 | 0237739399db629fdd94de209f19ac3c8cd74d48bebe40ad8ea6ac7556a51980 |
| SHA512 | 3fdef4c04e7d89d923182e3e48d4f3d866204e878abcaacff657256f054aeafafdd352b5a55ea3864a090d01169ec67b52c7f944e02247592417d78532cc5171 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_overlapped.pyd
| MD5 | e5aceaf21e82253e300c0b78793887a8 |
| SHA1 | c58f78fbbe8713cb00ccdfeb1d8d7359f58ebfde |
| SHA256 | d950342686c959056ff43c9e5127554760fa20669d97166927dd6aae5494e02a |
| SHA512 | 517c29928d6623cf3b2bcdcd68551070d2894874893c0d115a0172d749b6fe102af6261c0fd1b65664f742fa96abbce2f8111a72e1a3c2f574b58b909205937f |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\unicodedata.pyd
| MD5 | aa13ee6770452af73828b55af5cd1a32 |
| SHA1 | c01ece61c7623e36a834d8b3c660e7f28c91177e |
| SHA256 | 8fbed20e9225ff82132e97b4fefbb5ddbc10c062d9e3f920a6616ab27bb5b0fb |
| SHA512 | b2eeb9a7d4a32e91084fdae302953aac57388a5390f9404d8dfe5c4a8f66ca2ab73253cf5ba4cc55350d8306230dd1114a61e22c23f42fbcc5c0098046e97e0f |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\capstone\lib\capstone.dll
| MD5 | 1c0a3d7dec9513cd4c742a7038c73445 |
| SHA1 | 8a7dcf7371b8c6711b6f49d85cec25196a885c03 |
| SHA256 | f59984896a7f3f35b5f169e3d0cc6f4429a363b0f2bf779fff8ef4ccdcc6b26a |
| SHA512 | 35182912d37265170b2ab3b2c417e26e49211eb5006b7fe8eae90f3c1c806db2477c5652065173e35f5ba7be4155a89286a6831ddbffccd82d526839bb54a596 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\lief\_lief.cp311-win_amd64.pyd
| MD5 | 4b71e3409eab0ff2c597b708aadc5d3d |
| SHA1 | cd2a29382255a86dd2f402f7df9dfe84515f2e07 |
| SHA256 | b6cea0f27e56df286ce2c975e3ee95af5d8fefd440d191d53a0aa0d0c9850d4d |
| SHA512 | 45c3fa067748ca303c8ed9dc7a67a692065457c3b2a54d8a333b435017589f8232ac9b97f9fcf6e0aeee34efedfaba5a71f60bb19a2acd0b0f9410d3df3fe298 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\pyscylla.cp311-win_amd64.pyd
| MD5 | bb134078c74d840020ed06c9d78473ad |
| SHA1 | ea77a6990327bacd1d90c25178c9e9eee6f13f6b |
| SHA256 | 70512f3a603eecff58005b7fe81490e62bf2e5054fee41384185f08f08b12ab1 |
| SHA512 | 4da284ca0f9327fef6c4a4be499bbef00cae7865a3072db38071d63431a849ca281bd44ad80bd30676361081dd1f3c0d91ae5c53d6f5a450e570a48a3a447c56 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\unicorn\lib\unicorn.dll
| MD5 | ac83172d51680cb603835f55f6bc54c0 |
| SHA1 | fcf9e4c6b57ce161c548d1b488a9db3adce29be0 |
| SHA256 | e9a7755b101d8b9dcdf2603fa099e0c86d7f2d5f791073b541f8931df3d2b7de |
| SHA512 | 83799b4dbb526d4cc44c9ed8db6390139161e39629c9168907ae931809d1e3b29e7dc655d1408362f78931f541b6ed9931e47ddc15bf2462d07449af70c5c175 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\xxhash\_xxhash.cp311-win_amd64.pyd
| MD5 | 4be92e853db01329ad68289f01275fa3 |
| SHA1 | 951ee641719b1ccca7e503549e94bc0062030329 |
| SHA256 | ca0d43ecde28983642e3d46db95536d6aa82fe097f6c6b1163822cf631f9b57a |
| SHA512 | 039412d039ab4b4d22c5143949ebf5e8b400df3f75f86e2130ab217cca6abecb422d525e70b0a00cd4e3f5cb5f6b75dc8007625ad756883c3ace64965176cae1 |
C:\Users\Admin\AppData\Local\Temp\_MEI50842\unlicense\application.py
| MD5 | 73739b5fd0fff599fc0278ca0dede513 |
| SHA1 | ec8f110bdc912e88197ab9ef224bc234677b2a4a |
| SHA256 | b90bb15baa59ecc5dde91d98052c096fbadb0becf3fad1c6c10f5670e9ec34f5 |
| SHA512 | 05e3fbfdb1c4fc925e9f94ee846f56d4b04f181dad81540f2310c09ec4fcfc7ad76e71faa475ed8f3edaedb70cfc9f031771e0e2724896aebb6386fe020771ca |
memory/4944-145-0x000001AA3C820000-0x000001AA3C821000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\frida-fd2c4a5eb94b6961b40d4621fe6dae95\64\frida-agent.dll
| MD5 | 9cdab18e1fecba503101554cfc602bc5 |
| SHA1 | 8c2b578374283ebe143094223ce888f5ea78860a |
| SHA256 | b2685e48da2be1be9ccc95e00ca58abfee8ca873caa3b758f96d8637e10d18d0 |
| SHA512 | e848691b206691137cafe735683ba1f44db9577602c9b6e58d7aedbb3ee096b486b319c022ffc84cd6654fb3cc5e8535c5877f706169b26f75f23bcb5bf77fd2 |
memory/4944-149-0x00007FF75C3A0000-0x00007FF75CD00000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI50842\unlicense\resources\frida.js
| MD5 | ba60199510ffbee1a736f005ecd74732 |
| SHA1 | 1eebe982ff33a283d0100d4ce53b49ea4e2f173a |
| SHA256 | f0de19d9c7a280b3c17d292a4bf473ab6e6d3f6df393a1beb7dac36bc621b6c4 |
| SHA512 | fad90fdcb995e9ef6a9f93aa5980929480386280385150a9e3cf9e110623b51fe75228321fccfdad5bcd01656b3c5295f269dd9da3c10692650928931da138de |
memory/4944-151-0x000001AA3E4D0000-0x000001AA3E4E0000-memory.dmp
memory/4944-152-0x00007FF75C3A0000-0x00007FF75CD00000-memory.dmp
memory/4944-153-0x00007FF75C3A0000-0x00007FF75CD00000-memory.dmp
memory/4944-154-0x00007FF75C3A0000-0x00007FF75CD00000-memory.dmp
memory/4944-181-0x00007FF75C3A0000-0x00007FF75CD00000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp3vsncr44\unlicense.tmp2
| MD5 | 6288128c8ad6bcc4907b971fae10c8d3 |
| SHA1 | 51b3021164b03545620b973d3f27709b746041af |
| SHA256 | 8fa60297d237da373adda0b2fa4252985f93b8e2a6e43b1c787c40e69a22c5fb |
| SHA512 | 940aee985d3fde5b3209a016e1fcc74d3b7410af7553fdc4278364e7a106fd6edb6c7d91c95b762b37f2420ee240870a5e658000b3d05cc5fe703f41c4ff828d |
C:\Users\Admin\AppData\Local\Temp\tmp2gv8_0wg\unlicense.tmp
| MD5 | 4a5c56ffd252674a1e09346450c60a37 |
| SHA1 | 0c7d7e2eb3956ea276381833c1b1eef45fff52f4 |
| SHA256 | 9aa1544f346805502e8751812f77d2fbb442696bc3856cc877f5fb60e5330c0b |
| SHA512 | 0a874e0f454601f8240b7d1cb3dcd2a472d58ec39de44dcc9e5fc87815e598eecd24f3f2a50f4b009b491a6c340d8d993f4d420aa1c75f0e8047ac2720cf2092 |
memory/4944-256-0x00007FF75C3A0000-0x00007FF75CD00000-memory.dmp
memory/4760-326-0x00007FF75C3A0000-0x00007FF75CD01000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 2e714f0328f750f4594b74b65dee9c1e |
| SHA1 | 092be611e3d373ec6b82f8ae2dbe79d309481516 |
| SHA256 | 085174e92b892188d12b2353aed5d57f3334c8eb811b1b9e50906c1ce939eb6f |
| SHA512 | 1cd2577c2ad125494dc7642466451ecaf192f079982aacd4990b6c61cbe44e6f518615b469574c44eb69135ad7339c214962d8d365a1e8777a25c81a71648609 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | ee4ebe0119347d59daeecdfdb2fd8848 |
| SHA1 | ff65d216c438d9fd0ce0b4e51acd07ec4ca17bdf |
| SHA256 | e52e8252fe40edee8009b1ff0d80d153733427295693aad98763536c24376aa3 |
| SHA512 | 46e94144b95d991ee52abbf305a46a6838aabb90782e6d9d28fc32b3546c4561a2a76b8440a4affc237654d723a6deb1d38d843268c738ef359fa6e9a05eef26 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
| MD5 | 2a74396611dce91d8fc1451a8cc661d6 |
| SHA1 | 5ae9c1a720652f2a4653e26510d830418a6fcf86 |
| SHA256 | f4f757c84af97ee509a16f4d0dfc4599f72ee7218fa25a33aabcac971efd8a45 |
| SHA512 | 2ed399817a7bf44a400571e0b8dd412b6dbb991eebca2363574e3db212a7c05e8140ab197db4c57dcbc20aa484df5e2447d006d035139f0fffdc92879a3554bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dd810dcfe7dcaaf92431a70ca6f4a785 |
| SHA1 | f3bc20a5ff80cfedea6da1e741d25cd13da419c4 |
| SHA256 | bac6ed9f0927f1493537c7e0bfdb82d903d9e7fdb4d6b0c8bea9dd1eb7caac6d |
| SHA512 | 595a40de03001d2e3dc3868341c8eaeea2984e096ed3c95eef909634c3327b63922b0e52e68aea71096b9c1200c740beb336957286a1a39a506abb9ec6a8c301 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 12e393e5479c59caf1bf35ebbfcb05d6 |
| SHA1 | 3dc36f8763ee55e2e4558053634c0783df0ca85e |
| SHA256 | 8f4d30136c63860204362f8b66cd5f4a4e8e22586599fe3215e55429d3632437 |
| SHA512 | 97797dd9c9ab12286ece79743330e66242f3637807ad29d21b319b094119fefe3ba644e621b4a0660f0f6e5e7ff0353a233836321fbfd311508b67db41338ade |
memory/4760-454-0x00007FF75C3A0000-0x00007FF75CD01000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
| MD5 | 543b1e0b55f9ef03dadef23038250a6c |
| SHA1 | 251f7cd421b0cebe07283ddc3a0a54eb87dda5b3 |
| SHA256 | dd064f1fb4a62bbaef9e9726eec08193e46f2652b2bbc46abb6bb422b6072b39 |
| SHA512 | 5b88f566f586f245531544aa91f25fd3fa11aaaf071e8c05fad15b812cdaa0e5d36a5daf9c6dbfde00162c7b0e260cc64ca5604383e9f801054e6909afe23970 |