hxxps://drive[.]google[.]com/file/d/1-WMShfYKCyWO6dSA91ymB9FHd80AjvOy/view?usp=drive_link

Analysis

max time kernel
483s
max time network
489s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
27-07-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1-WMShfYKCyWO6dSA91ymB9FHd80AjvOy/view?usp=drive_link

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1596	wave-cracked.exe
3964	wave-cracked.exe
5720	wave-cracked.exe
5820	wave-cracked.exe

Loads dropped DLL 64 IoCs

pid	Process
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
3964	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe
5820	wave-cracked.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
75	discord.com
88	discord.com
76	discord.com
79	discord.com
86	discord.com
17	discord.com
78	discord.com
77	discord.com
85	discord.com
87	discord.com
89	discord.com
1	drive.google.com
6	drive.google.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\wave-cracked.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 846941.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\wave-cracked.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
1624	msedge.exe
1624	msedge.exe
5100	msedge.exe
5100	msedge.exe
3760	identity_helper.exe
3760	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
2460	msedge.exe
2460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3964	wave-cracked.exe
Token: SeDebugPrivilege	5820	wave-cracked.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2868	1624	msedge.exe	78
PID 1624 wrote to memory of 2868	1624	msedge.exe	78
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 1012	1624	msedge.exe	79
PID 1624 wrote to memory of 4292	1624	msedge.exe	80
PID 1624 wrote to memory of 4292	1624	msedge.exe	80
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81
PID 1624 wrote to memory of 4288	1624	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1-WMShfYKCyWO6dSA91ymB9FHd80AjvOy/view?usp=drive_link
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83caa3cb8,0x7ff83caa3cc8,0x7ff83caa3cd8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,2380816450006928016,3908155188719029725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Users\Admin\Downloads\wave-cracked.exe
  "C:\Users\Admin\Downloads\wave-cracked.exe"
  2⤵
  - Executes dropped EXE
  PID:1596
- - C:\Users\Admin\Downloads\wave-cracked.exe
    "C:\Users\Admin\Downloads\wave-cracked.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:3964
- C:\Users\Admin\Downloads\wave-cracked.exe
  "C:\Users\Admin\Downloads\wave-cracked.exe"
  2⤵
  - Executes dropped EXE
  PID:5720
- - C:\Users\Admin\Downloads\wave-cracked.exe
    "C:\Users\Admin\Downloads\wave-cracked.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:5820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1ff2a88b65e524450bf7c721960d7db

SHA1
382c798fcd7782c424d93262d79e625fcb5f84aa

SHA256
2d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409

SHA512
f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
562b59fd3a3527ef4e850775b15d0836

SHA1
ffd14d901f78138fc2eece97c5e258b251bc6752

SHA256
0a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430

SHA512
ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
edb7c34e038a75147a6a857fb4b5831a

SHA1
33bc5dca84b1c44bca284f51e1a40605850dd6d7

SHA256
579a36eb2884e8bfd220d8d6730bff7b37d84ca34dc8b6a886982669656233fc

SHA512
94812c49e22290b997fb114c9693daca24497fc60822afb2da49d388f3a97966f0a93b6219e68268345a5e2254a7e97ee9338ae9d07c637ac300806d2a6238a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
ac302dc1993829eab6df6679c1a7d3de

SHA1
8dba25bf61e825cfb2c1c7192cfd580c7e58473b

SHA256
9c997cc88967759c9d34d04f970fd3805c7d56881d60b800907faecf201f3a96

SHA512
f9383a1a2c9f895784b45a04f33573370d31a6e2fcf1e404dc4465fa4510e308141fa933c0766710de51d88ce0a78cee91eddb2b73c6358faa6a6683e4a17f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
bc9d5dbaed436cbba61ffe078d3f7e26

SHA1
b0a38fd47927901997d28ad296d6d1ee3d183609

SHA256
a7ea5effa9e9d5d16c19b120c842d0923e28a79c3ac26d0bbcbc9bc9337c7399

SHA512
209d5e3e145899b21bc8af83e73c7dbf25c583f3c888a731efe80a03062b1163053d9036aadfdd67fb423f60ac75855f557fc8fdc008b51bf64eb4166da8fd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
949aaf7e84e4133bc1954f16e31a695c

SHA1
d6511a4b0f9089b54a961a893ec6d900cd19b8e7

SHA256
cf2965faf71f2b426e4f4aacd8b0011bf604fade658a41144f27afe9a6b62393

SHA512
843881905c9c9644a7aa4068ef8180192004bcc6193056126505bafee889a14f9c04f601fbae32ad2e10b07b53692ddd744eae6cc346a4dd4b4b530d82c50fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b75871939b83cb52a4d2527e5f044c62

SHA1
90fa93f100ef1e0a010f54b59fe4b4493f200d49

SHA256
0bd492bc215f81cf32449f15ed0e116f49653dbb4c1f1a84656296cd23aeeccd

SHA512
56703e571f0b4c5b5f02629c27a89f40daada79e19911820c0d6dea4370f8823d0ac2ac4b7fb2eb498a54e143671db11c59d6878c1ab72b8a967921187f24080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0fb405adfbb4f19e8b11e0639003e5db

SHA1
1f690ad790874363517fa8b2d3f08d20aaf9bdd6

SHA256
ff2995abaaca1c2e6c12f880a95a20750df4c4ff77119759b43e7ddf7bcd785d

SHA512
9260866511224a747449df8293c9dd9a7bd54428b60985679c2863de0dcacf8d944a7226aa5aa4a7049f38abc2ad788aeba0060064b8df436c7359027b954ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
209f594ad5a6cd5a246af59b424baa23

SHA1
ee9491f12d99f35a72263bf22d5eda019531ea03

SHA256
1735b4f3018e100ba78c80a2b8a3ce955731da8a638be5c9fe694a5074a0234c

SHA512
f43c095de1dc463d34c42089f6f04cd4fe8229bd6ca916ab1f7c4c4a5b5d26fb37576d7a76b30a94f65824f4d3634fb9bb4b54192517f5b7c4619a2b41dd5936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7a1f5153b30904af30769dd26872ac12

SHA1
7035534287faa76316605a0df28019cbd905f946

SHA256
aa4a2b4114f9450d17db01aff7391c15260e2c4ac83f5bf952478260393c6cc0

SHA512
7102de324a1717edbf7c6a358ac237ec11adf1176612ee0f6d0f323bbed69b5dbc94f27a615e995cfcdfbc61148cc87f42ff08a38dbb0ef31e6a48cb5b1472fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f626733be73c213dcf42377f3a667fff

SHA1
ec3b1dc85f83246645b07999ce5742d48e5407f0

SHA256
a7e25e384c9c2774c9b98afc140e90dbac0687df63f35f608d46adc6669d2888

SHA512
fabe74a7a90061011b72a04d2f680f7d90a80824fd03589b9517b3998051157416e1a79b295383ee7f1b0576c0c00609852ae7aafc998240278daf4e2154db54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d55e9d0664b2c3a74660c27637def2f0

SHA1
27ae2ed3cd5f9593f6167fb89ae10b4bc75a7b31

SHA256
884b19a57d66792e1233907331bfabfa8b68ef3e078c2ba6d363772005ec94f6

SHA512
07f2e22fc37b522e0e8ae1627749772b659992072b52c7a24198b0fd8652211a8ae12725586efbbbe1ce39ef3bb59be911a2414619cf642165a9e2447201e66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f6ac387628973aa81fe1a5d19ea1834

SHA1
2358402c6becd20c23e8a2538b20354d79f40fe3

SHA256
c066a3b6d40fbe5976fd37d912281634e1966dd668fc99d0deb5396b7cb2fe50

SHA512
afd370df83616659a0670249383bce20b658bedb13d88cb81b4da2bf58343bc7ebf46da02d5fe32aaf21b38f65c701e3d49b66c79bccfe06ed8ff38ea1ec253f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
604564df92941e316b01eeac37bf8322

SHA1
ed4b511e0972b33cf56da81decbc6b3009f59130

SHA256
cda760f977de361a21b8f8507769e81fd7a5cfe775ae3af010c5f45a3fe5cbbd

SHA512
505869e6038c34b0366e30eae7134371e9d3d9a0b1eef5d112e1d602f5838aab2cef2a366288364904d4b59b57a3b07f20164e124f1ed5bda44f9324f7a66853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dfdfee4e05ec1b85297173e4c4c49b0c

SHA1
ba9b918878fbabc42800477b881101fa9ffbe51b

SHA256
dd0e1dfadfc8b9af69299889ee21717b9be00bb36f66300ea7e48a6d844c0915

SHA512
2d216876d1d12195122cd64af3a3113e0e663930a5014700398f1fa5dc4533eea3e123ca474e904b0d94ada9be67ad0388b1a83a65634aebb128ed748fca9966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7599f7582042889b496b1c9b9387d014

SHA1
8197637d972e8a79ca19c906512e536410d08bc6

SHA256
2ea8f7faa0da50efbda6d19094b6c9ff045101129106e05921f88e6ede7f5f9a

SHA512
748e473cb423401272ee000d7590d31a185f2764d16bd5429d9d48902e46415ea494d545f9dba5da8db5b0e9cc2d3575db4e9004613bad4b0b4ae692eee20d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afa7a03ad2e33879225dc5a8ecdc1756

SHA1
67896a74a3774bd3a653a1ada77cfcdf430004d2

SHA256
e54ec5afdb87665fb7bff4fff433cd250d894480aeede1df45b15cfb7274a043

SHA512
07dd45b755193f861f52240c52f8df82c42833177a8729fe3a23bdbbeab1a451f0022162e19bf39669a99d0477b730d1102a70af8281de636858030ebf5ab8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e93722b133e326330bd4230242c441d

SHA1
0d7a8971a6326e32f2daf500555b1ae5e9f98cec

SHA256
9b87397db3b47591b7eb756b43a91c54065b14ffe82057dd509f416cf84ab9f8

SHA512
9ceee69bbee5bc0185971f582d86ebc4660d9569c1ab8850ef094fc209252c96cc001fd7bcfe557166715af048abd09d2ec058b8ecd67af46a9a1c7ad4a92927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8a9af4b78d9056abfadb00699b0aee4

SHA1
15f961f2eee10d12e1fc9d0a4e51181ba8d386f0

SHA256
4a3427c4a1ff7306e20fc1aae8ed8f94a71cdd6662a4a8e1bf1f7f4606abbf4e

SHA512
abf6482dfc96d1efaa4f98e255dbdcc8eb5e9d78daa3f5df04ff7fa1dc25619e24c55f99d2f9d086b140fe380750d937fb9bf4786e0be9ce8954898a77d2bfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbf5b750a84d4f84ea7e981c52bb2ec6

SHA1
da31fc945b3c77f1414fdc76ef9f704d20918582

SHA256
585f2279fa5509d383884ec184c311eef60805d4527d5161dc18b0087744e14b

SHA512
a25cfde222cd5d1fa45188fac35455dcc67a0bc1c2f4265d2dacf187cf911273a3678e48c08f8919b6d1bfe247198c21bbd203d1d26a146a4b55a118676429bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e687a46f2afbbbdb2944039481523fd

SHA1
97dbfa2076ddb9cd4940ba46afcadb2f8aa426dc

SHA256
daf8ae9f3547fff560036187fb6be1a81c816d51290aa9c48c3c883549736ffe

SHA512
64afb63e7c7e432c41c999389f1d146924484ab43764170487b1b231787184771ae8d2ac0e36a59ddad489d0a0d04e184429be0d21b107bc1a3763bbfdaf3613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
606d639728eca83306a55eb9741221bc

SHA1
a2dac26716e02e1415ba8680cd57f9a67b95f2d7

SHA256
79948618bf50c28ebbdf184d6229ad68a78b56bade7e96e8696297825c01dc4d

SHA512
5800c5e54ee892b5d6bfb72fcdfea6faee8ad5dfedc99dd301e2c045829a7fe15ae33bbfcc56a91471dbc539835598fb2ff499e5f9c06d2e8e3adda5628eae35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
47192c8693ac27b8874a83e3e89d6279

SHA1
4863bc6d93a830b1a88b5f916653186c31d2577a

SHA256
27e69be4fceddc620523024dc8a1a04428a8462bbcfbd8b10993e06239de6743

SHA512
208bca857413c4f93c925d563a81bdf94576309fdfa6fe427170d86284a262e1149e259a530d76ef54de66ceffba65d7eac2abbf22f2760a46bdc850e4f89e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2b2790e15295ce152b8569e8ec2ad583

SHA1
b987a024c9c665f61913824b4f9e7242e248a8bd

SHA256
6a3706e6d0131839d29d093745147ff5c4b9dcb40cfe1d121de4264c841d03cf

SHA512
50e92eb01bb237cfe27b7002d73f53e9028e8b64bd0b660093e70107bff49aebe1af5211f2900b4fe36af2c16ead992451ed4e06917fe00ffe0257ed4eafdc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
256685c29292884fcf9119a4b8dc12c5

SHA1
34af6b3fbc16abd624d8244f7a17ec517ab96afd

SHA256
8bcd0ed60d27193ef36e52483b5fa491b5b79ad5853b555ee53c921733613a9c

SHA512
3a57aa9ad263f01697139d64f6a85dfba61fa55c69b183b18fb26230a548d3fadaf87f8696c9d65efa07589dcc530fc8b712c662f53515815be2005b8c1a1323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
a92128ae63719cc6b0c0a592a43f56a6

SHA1
afa5d06b2b2981cdcc09a06188dda631bbae13c2

SHA256
37f7d81c529b589d6c3a2e2b9b744a8df67c6273578661ef204b6d952a820916

SHA512
b9efad7edd95c1a30279011ea976390de6f4e44567af7ac7a76c27b002846228eb4968a42916debfbfc658be39de72e42ba852a041345077d0cfd135b2674509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
533346bd57ad8d353bdd9221a6c86191

SHA1
02ac840fab3e6b5a9a229e3c15bd4c3f6c5a44c2

SHA256
ccd141095efd88e3549d68ee8c0ee3894733fdbaf1f5d19a98a8bb03df41cc2b

SHA512
5db61fad23a39abf4fc93f1eee8e049d94a19e6b5600b35e99e3278baa23d4300855158e5e6dbce0b3c35a0fa696af3c31279e43e285c3c337f796f96968d7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
47a5abca42aaf93e866df282c526ba3a

SHA1
761c44ecc939312c0620909cc4cbf249c7fd852f

SHA256
67d00716725f372644aa4dafc61679752d939a61f922feefe09b7e1b71ca674a

SHA512
a81bbab8631f969016bc0f82f962b0e614bb1df0628566e3a879e7828fe9d154892929af0bbf030fd04479dfd6f8e7627e3b5ed552086fe49f54f432cd6b8602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ca11.TMP

Filesize
201B

MD5
29929bb944538fddd2e4e1650dc14195

SHA1
a0239677b849c816391b6c606a4080c76988e151

SHA256
e4ccf31bce4681f65e5010cf9708bbeb5d4145edb48f8cf4c0709a098d427d13

SHA512
eee73ff247e9bb136e537330a4ef14905573df20371141c41b5fed8ae77ff0e93f3b98055d202dc8fb40cb2cef08eb329449ab9911db84295d7a8f495c47734d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0235f7e719366e525ca8aa45c2afd4b5

SHA1
cf496a2c6e9beecf1ef5713f20ccfef89557c08e

SHA256
01eaece0807f2cdc40423e91a3fbdc759847af4e4c062026cb57420648f84ff2

SHA512
7c8053540f8d7f7e3a7b9cb9b930bc02a701d0bf0638fc0eba131d78391de22927bc2cc5ba27aa7249efb0d539f9de7cee3e91050ed29f1f981aed9d36ce2161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f16aed8e933b8d574fc35bad7e54c928

SHA1
7a617c504e91bab526ccb2cfeef87a7997df9fc6

SHA256
2fd770a1af6c2f67ec695c682f8ed8b3637a679803ccd4dd1d1365b81d28abe3

SHA512
9b9a574a47d9eaa07402589357c8d15338883d67b5ce1735d3e8684e5c36b71f83d330896b135104a68bdf3025c6e35d802ba550a03e5ca4d84663bcc91f8377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ed485183aff8464e1cdeca74141bdfc

SHA1
b4e9a0e886d6e2fea96eb3ee22274aa7c38b6161

SHA256
ca2a1fb97a2cea0e3995e70afb8deab685503277bc33c432ba82367bb4c78bdd

SHA512
dabcc8f88d2ad62035756e256f1811676b884b4b18ff230b1957ca2fbe2289986bb4baa7ee353a1c8932bfd498261d95307c581477e69e092a8e09746e5a1029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab4f5c2d863ff84b94d0f15156406f49

SHA1
0128d3a3d56828d3325df06b9e63669f143a74c4

SHA256
d88c739c9b617b48b3804a1d926237e5e829cf7d18b5a8271d1fd33854078c0e

SHA512
3b72feb1ff64057f70eeb1c9b164f8895857dc277fe7f906c1e794bae09d1db5addf450b45b48c2a4ea7ccc7c8807186dc3b377f720cc00641b2a46020e747e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_asyncio.pyd

Filesize
69KB

MD5
477dba4d6e059ea3d61fad7b6a7da10e

SHA1
1f23549e60016eeed508a30479886331b22f7a8b

SHA256
5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6

SHA512
8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_bz2.pyd

Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_decimal.pyd

Filesize
251KB

MD5
492c0c36d8ed1b6ca2117869a09214da

SHA1
b741cae3e2c9954e726890292fa35034509ef0f6

SHA256
b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1

SHA512
b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_hashlib.pyd

Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_lzma.pyd

Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_multiprocessing.pyd

Filesize
34KB

MD5
2bd43e8973882e32c9325ef81898ae62

SHA1
1e47b0420a2a1c1d910897a96440f1aeef5fa383

SHA256
3c34031b464e7881d8f9d182f7387a86b883581fd020280ec56c1e3ec6f4cc2d

SHA512
9d51bbd25c836f4f5d1fb9b42853476e13576126b8b521851948bdf08d53b8d4b4f66d2c8071843b01aa5631abdf13dc53c708dba195656a30f262dce30a88ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_overlapped.pyd

Filesize
54KB

MD5
7e4553ca5c269e102eb205585cc3f6b4

SHA1
73a60dbc7478877689c96c37107e66b574ba59c9

SHA256
d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91

SHA512
65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_queue.pyd

Filesize
31KB

MD5
b7e5fbd7ef3eefff8f502290c0e2b259

SHA1
9decba47b1cdb0d511b58c3146d81644e56e3611

SHA256
dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173

SHA512
b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_socket.pyd

Filesize
81KB

MD5
dd8ff2a3946b8e77264e3f0011d27704

SHA1
a2d84cfc4d6410b80eea4b25e8efc08498f78990

SHA256
b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085

SHA512
958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_sqlite3.pyd

Filesize
122KB

MD5
c3a41d98c86cdf7101f8671d6cebefda

SHA1
a06fce1ac0aab9f2fe6047642c90b1dd210fe837

SHA256
ee0e9b0a0af6a98d5e8ad5b9878688d2089f35978756196222b9d45f49168a9d

SHA512
c088372afcfe4d014821b728e106234e556e00e5a6605f616745b93f345f9da3d8b3f69af20e94dbadfd19d3aa9991eb3c7466db5648ea452356af462203706c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_ssl.pyd

Filesize
174KB

MD5
c87c5890039c3bdb55a8bc189256315f

SHA1
84ef3c2678314b7f31246471b3300da65cb7e9de

SHA256
a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2

SHA512
e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_tkinter.pyd

Filesize
64KB

MD5
276791cca50a8b8a334d3f4f9ff520e2

SHA1
c0d73f309ef98038594c6338c81606a9947bd7f8

SHA256
a1c74836bad3d9b0aaec8dccd92e552b5ad583bfea7ef21cd40713a265d94f7e

SHA512
ef1ed2eacf86885531fc0963c84c1c99773d963d5a709030df6cfee5027604e1402a55b6fe26019a3ab922fd27895d0e2ef5572a50195372b1bfb1539eac0dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_uuid.pyd

Filesize
25KB

MD5
50521b577719195d7618a23b3103d8aa

SHA1
7020d2e107000eaf0eddde74bc3809df2c638e22

SHA256
acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78

SHA512
4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\_wmi.pyd

Filesize
36KB

MD5
8a9a59559c614fc2bcebb50073580c88

SHA1
4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d

SHA256
752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12

SHA512
9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\base_library.zip

Filesize
1.3MB

MD5
55df3c98d18ec80bc37a6682ba0abcbb

SHA1
e3bf60cfecfee2473d4e0b07057af3c27afa6567

SHA256
d8de678c0ac0cecb7be261bda75511c47e6a565f0c6260eacf240c7c5039753b

SHA512
26368c9187155ee83c450bfc792938a2908c473ba60330ce95bcc3f780390043879bbff3949bd4a25b38343eac3c5c9ba709267959109c9c99a229809c97f3bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\pyexpat.pyd

Filesize
197KB

MD5
958231414cc697b3c59a491cc79404a7

SHA1
3dec86b90543ea439e145d7426a91a7aca1eaab6

SHA256
efd6099b1a6efdadd988d08dce0d8a34bd838106238250bccd201dc7dcd9387f

SHA512
fd29d0aab59485340b68dc4552b9e059ffb705d4a64ff9963e1ee8a69d9d96593848d07be70528d1beb02bbbbd69793ee3ea764e43b33879f5c304d8a912c3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\python3.DLL

Filesize
66KB

MD5
a07661c5fad97379cf6d00332999d22c

SHA1
dca65816a049b3cce5c4354c3819fef54c6299b0

SHA256
5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b

SHA512
6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\select.pyd

Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\sqlite3.dll

Filesize
1.5MB

MD5
e52f6b9bd5455d6f4874f12065a7bc39

SHA1
8a3cb731e9c57fd8066d6dad6b846a5f857d93c8

SHA256
7ef475d27f9634f6a75e88959e003318d7eb214333d25bdf9be1270fa0308c82

SHA512
764bfb9ead13361be7583448b78f239964532fd589e8a2ad83857192bf500f507260b049e1eb7522dedadc81ac3dfc76a90ddeb0440557844abed6206022da96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\tcl86t.dll

Filesize
1.7MB

MD5
108d97000657e7b1b95626350784ed23

SHA1
3814e6e5356b26e6e538f2c1803418eb83941e30

SHA256
3d2769e69d611314d517fc9aad688a529670af94a7589f728107180ae105218f

SHA512
9475cd1c8fe2e769ed0e8469d1f19cdf808f930cccc3baf581888a705f195c9be02652168d9c1c25ba850502f94e7eb87687c2c75f0f699c38309bc92b9004a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\tk86t.dll

Filesize
1.5MB

MD5
4cdd92e60eb291053d2ad12bf0710749

SHA1
31424e8d35459ba43672f05abba1e37c23f74536

SHA256
b30576b60aee548838243601952a05b70a9fc937f5a607f6b1413cd5ed04d900

SHA512
80c3bb58817578708e14ba173bfbe8f62fb54efa22feb8ff08b9eefa4462b74062654f956f965c7caa8aa16295229b58ef9eea8d2c4c94652bde1e61038e6ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\unicodedata.pyd

Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\zlib1.dll

Filesize
143KB

MD5
fa87d95aa4f9348d3f3b75d62a23658d

SHA1
b8829e2ec83b1950ae013be60ed3e7616ce2ed80

SHA256
21feea753a6f991f01bcf9d30afada06eca3a105e97d5d81998ef359c4fc86a3

SHA512
cb965cfc905b7c588bd2009d4915973a004de658b6153de9fe2ae8b27c5612b56de14b95499ec050b70d16f89f0313cd81a3afa827a30c38aa206e44c11ef283

Download Submit
C:\Users\Admin\AppData\Roaming\microsoft_defender\info.flag

Filesize
5B

MD5
e3afed0047b08059d0fada10f400c1e5

SHA1
4e7afebcfbae000b22c7c85e5560f89a2a0280b4

SHA256
c1c224b03cd9bc7b6a86d77f5dace40191766c485cd55dc48caf9ac873335d6f

SHA512
887375daec62a9f02d32a63c9e14c7641a9a8a42e4fa8f6590eb928d9744b57bb5057a1d227e4d40ef911ac030590bbce2bfdb78103ff0b79094cee8425601f5

Download Submit
C:\Users\Admin\Downloads\wave-cracked.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3964-1833-0x00007FF827100000-0x00007FF8291DA000-memory.dmp

Filesize
32.9MB

Download
memory/3964-1848-0x00007FF827100000-0x00007FF8291DA000-memory.dmp

Filesize
32.9MB

Download
memory/5820-4110-0x00007FF826B20000-0x00007FF828BFA000-memory.dmp

Filesize
32.9MB

Download