hxxps://drive[.]google[.]com/file/d/1tZzLrNN-ZImFencl8wX4a2wgZavvoc-1/view?usp=sharing

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2023, 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tZzLrNN-ZImFencl8wX4a2wgZavvoc-1/view?usp=sharing

Score

7^/10

pyinstaller

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4492	Synapse X.exe
6008	Synapse X.exe
5608	Synapse X.exe
4600	Synapse X.exe
720	Synapse X.exe
1552	Synapse X.exe

Loads dropped DLL 64 IoCs

pid	Process
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
189	api.ipify.org
193	api.ipify.org
194	api.ipify.org
188	api.ipify.org

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b78d0202-a45c-4b2d-ac70-61d568133323.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230518004845.pma	setup.exe

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x00060000000232fe-1473.dat	pyinstaller
behavioral1/files/0x00060000000232fe-1474.dat	pyinstaller
behavioral1/files/0x00060000000232fe-1610.dat	pyinstaller

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5300	msedge.exe
5300	msedge.exe
4664	msedge.exe
4664	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
6008	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
4600	Synapse X.exe
1552	Synapse X.exe
1552	Synapse X.exe
1552	Synapse X.exe
1552	Synapse X.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2508	firefox.exe
Token: SeDebugPrivilege	2508	firefox.exe
Token: SeRestorePrivilege	6084	7zG.exe
Token: 35	6084	7zG.exe
Token: SeSecurityPrivilege	6084	7zG.exe
Token: SeSecurityPrivilege	6084	7zG.exe
Token: SeDebugPrivilege	6008	Synapse X.exe
Token: SeIncreaseQuotaPrivilege	3684	WMIC.exe
Token: SeSecurityPrivilege	3684	WMIC.exe
Token: SeTakeOwnershipPrivilege	3684	WMIC.exe
Token: SeLoadDriverPrivilege	3684	WMIC.exe
Token: SeSystemProfilePrivilege	3684	WMIC.exe
Token: SeSystemtimePrivilege	3684	WMIC.exe
Token: SeProfSingleProcessPrivilege	3684	WMIC.exe
Token: SeIncBasePriorityPrivilege	3684	WMIC.exe
Token: SeCreatePagefilePrivilege	3684	WMIC.exe
Token: SeBackupPrivilege	3684	WMIC.exe
Token: SeRestorePrivilege	3684	WMIC.exe
Token: SeShutdownPrivilege	3684	WMIC.exe
Token: SeDebugPrivilege	3684	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3684	WMIC.exe
Token: SeRemoteShutdownPrivilege	3684	WMIC.exe
Token: SeUndockPrivilege	3684	WMIC.exe
Token: SeManageVolumePrivilege	3684	WMIC.exe
Token: 33	3684	WMIC.exe
Token: 34	3684	WMIC.exe
Token: 35	3684	WMIC.exe
Token: 36	3684	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3684	WMIC.exe
Token: SeSecurityPrivilege	3684	WMIC.exe
Token: SeTakeOwnershipPrivilege	3684	WMIC.exe
Token: SeLoadDriverPrivilege	3684	WMIC.exe
Token: SeSystemProfilePrivilege	3684	WMIC.exe
Token: SeSystemtimePrivilege	3684	WMIC.exe
Token: SeProfSingleProcessPrivilege	3684	WMIC.exe
Token: SeIncBasePriorityPrivilege	3684	WMIC.exe
Token: SeCreatePagefilePrivilege	3684	WMIC.exe
Token: SeBackupPrivilege	3684	WMIC.exe
Token: SeRestorePrivilege	3684	WMIC.exe
Token: SeShutdownPrivilege	3684	WMIC.exe
Token: SeDebugPrivilege	3684	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3684	WMIC.exe
Token: SeRemoteShutdownPrivilege	3684	WMIC.exe
Token: SeUndockPrivilege	3684	WMIC.exe
Token: SeManageVolumePrivilege	3684	WMIC.exe
Token: 33	3684	WMIC.exe
Token: 34	3684	WMIC.exe
Token: 35	3684	WMIC.exe
Token: 36	3684	WMIC.exe
Token: SeDebugPrivilege	4600	Synapse X.exe
Token: SeIncreaseQuotaPrivilege	5688	WMIC.exe
Token: SeSecurityPrivilege	5688	WMIC.exe
Token: SeTakeOwnershipPrivilege	5688	WMIC.exe
Token: SeLoadDriverPrivilege	5688	WMIC.exe
Token: SeSystemProfilePrivilege	5688	WMIC.exe
Token: SeSystemtimePrivilege	5688	WMIC.exe
Token: SeProfSingleProcessPrivilege	5688	WMIC.exe
Token: SeIncBasePriorityPrivilege	5688	WMIC.exe
Token: SeCreatePagefilePrivilege	5688	WMIC.exe
Token: SeBackupPrivilege	5688	WMIC.exe
Token: SeRestorePrivilege	5688	WMIC.exe
Token: SeShutdownPrivilege	5688	WMIC.exe
Token: SeDebugPrivilege	5688	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5688	WMIC.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2508	firefox.exe
2508	firefox.exe
2508	firefox.exe
2508	firefox.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
6084	7zG.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2508	firefox.exe
2508	firefox.exe
2508	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2508	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 4100 wrote to memory of 2508	4100	firefox.exe	85
PID 2508 wrote to memory of 4036	2508	firefox.exe	87
PID 2508 wrote to memory of 4036	2508	firefox.exe	87
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1652	2508	firefox.exe	88
PID 2508 wrote to memory of 1356	2508	firefox.exe	89
PID 2508 wrote to memory of 1356	2508	firefox.exe	89
PID 2508 wrote to memory of 1356	2508	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://drive.google.com/file/d/1tZzLrNN-ZImFencl8wX4a2wgZavvoc-1/view?usp=sharing
1⤵
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://drive.google.com/file/d/1tZzLrNN-ZImFencl8wX4a2wgZavvoc-1/view?usp=sharing
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.0.1532970400\69796073" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b50567-726a-4467-bc4c-b8034e7bf186} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 1932 22015e16b58 gpu
    3⤵
    PID:4036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.1.661295181\74537071" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44697ba1-1bd2-416e-b13c-98fdc9f150f4} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 2440 22007e72b58 socket
    3⤵
    PID:1652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.2.1031181407\837364075" -childID 1 -isForBrowser -prefsHandle 3460 -prefMapHandle 3548 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {847ba03d-5d22-40c3-b26a-1ff04da54643} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 3456 22018c31e58 tab
    3⤵
    PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.3.1581628174\2052975675" -childID 2 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a786b66-3b7e-4729-9ad2-2611c8082c99} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 4104 2201a213e58 tab
    3⤵
    PID:4260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.4.1146543365\417461085" -childID 3 -isForBrowser -prefsHandle 4856 -prefMapHandle 4220 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edbb088c-24b7-46ee-89cd-ea1a2a7aafe4} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 4840 2201a41a258 tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.5.472643963\1837537793" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9059ab3d-9d0e-4772-ac6a-2eb75afb581f} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 4676 2201af85358 tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.6.823518082\1086513192" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13ffe35f-5a79-4a23-9052-af10361d4666} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 5116 2201b527c58 tab
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2508.7.1121146786\2064619370" -childID 6 -isForBrowser -prefsHandle 5676 -prefMapHandle 5596 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd77cb56-8433-4917-b913-ae4f5fdb81a1} 2508 "\\.\pipe\gecko-crash-server-pipe.2508" 5672 2201d061a58 tab
    3⤵
    PID:320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xd8,0x104,0x7ffcff9846f8,0x7ffcff984708,0x7ffcff984718
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5952
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff78f205460,0x7ff78f205470,0x7ff78f205480
    3⤵
    PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17943256953982095005,13343109928328103923,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5668

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Synapse X\" -spe -an -ai#7zMap16428:80:7zEvent8324
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6084

C:\Users\Admin\Downloads\Synapse X\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X\Synapse X.exe"
1⤵
- Executes dropped EXE
PID:4492
- C:\Users\Admin\Downloads\Synapse X\Synapse X.exe
  "C:\Users\Admin\Downloads\Synapse X\Synapse X.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    PID:900
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3684

C:\Users\Admin\Downloads\Synapse X\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X\Synapse X.exe"
1⤵
- Executes dropped EXE
PID:5608
- C:\Users\Admin\Downloads\Synapse X\Synapse X.exe
  "C:\Users\Admin\Downloads\Synapse X\Synapse X.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:6112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    PID:3544
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5688

C:\Users\Admin\Downloads\Synapse X\Synapse X.exe
"C:\Users\Admin\Downloads\Synapse X\Synapse X.exe"
1⤵
- Executes dropped EXE
PID:720
- C:\Users\Admin\Downloads\Synapse X\Synapse X.exe
  "C:\Users\Admin\Downloads\Synapse X\Synapse X.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    PID:5776
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:1240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
a5c95d68728b53bffcef32e45ace7183

SHA1
efa1bb951a096c4ea479864cdd3f810b736fbe85

SHA256
62247ee1a99ef0a763d186f3d5943e117540581b13d040930c1246ca8b83a0e1

SHA512
32814015164f92a47e2e33e9a1269223f6dd64461fd61e67e0e1f645335d360fc0bb52302ce80e3ee8769cded7b212168f0840728b86f65c123a52f4b9c22296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
277946a579cd3807423e989866e72aff

SHA1
9deb1bd79d0bd04ff75abfdb46586aae0ae3a9c3

SHA256
e93612959addb52ee1b96299f9e1c38e15179b21099dd2691546e23821b89932

SHA512
db26f15b38bb221c184ba672eecc3b0eb0f4d8080bb0a47acc593e5395825057ec322aa2babdbb7b6e987a4e7aefb695a8cecfaab8fe978580a515022cfd8058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c8befb2a39ef0454d72fdb380ac149a9

SHA1
5df00d1a9a76436b43e0c16d9b9695b7f5cc49d6

SHA256
8c7b8f6a929de1eb7506ab9b77ad8e367bf0b158d2f72b51a32f1bfb3f9f5dde

SHA512
12a39fbe856d47a095857b69c36ab8aa323174b84616432f30d146cb1bb2be9ee407e877a67cb7b2e805c60e187ec9aff1c89e53fb80e44887a1e64c1194c4ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e456b1ef2fb6032fab7fb7513a00911

SHA1
493191bb8fd92211c5870b88869ede3dbab5f94e

SHA256
96eff991162eea21c7bd3725ebb6e400befe505b34cd0a78619d70ab5d91a251

SHA512
12ca61dbf71b132d973c471777b27d078639faa3ae47087013c901612cc45a0b27c22158127a09080c99a75ce7441809dba9204524921f061c59fe289951557f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
784a51387993e9aeb34d4ad4ed93ab48

SHA1
1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

SHA256
567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

SHA512
ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
98e4dc4838dedf5a284db6ec25cd652c

SHA1
6138b728538facaa06fb840b2f5c93463c14f7c6

SHA256
74ee273d96000b3b8eb7c2ab0c7a9cb5f468b6c513c0d5e727e27339fa62dab8

SHA512
c3e6661cc1aa57e8670b30d25d70c5bb1b6a5ed3fe155fc782c6c3edc96013a21fac0eedb1c24296b31054a86170b3f8a1e0d4b4d6212171de5e5ff7b513c460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6a291ef1adecc2f9939d6c40fc38f5ba

SHA1
37448624f0e5b145f633e659b59d6239e3b4c6e4

SHA256
1fc6f826965f0a2245887efe1222a7b3272fd376c8385fd0fef9c8a0f739a4e2

SHA512
b8b05f2926b4cf156850351de472d046826c5a53053a5fe22a91b630439c55d730d4ab5b2be04b62c5ca0755aafea536c2e32c2c85ac3f402e1111314457f1f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
148KB

MD5
92708bfcef17a9ad8dcae0b8bd1db384

SHA1
452569649067a5106730cd8b1dc268cbf386e6b4

SHA256
22ca7a30474a9706bff0c9234f12f5f94d46ab63b705701924e65ff91b77c62a

SHA512
413489b42bf7155fd3f3e2d31c510127015175928ed55fdd236e2fcb28e447887657a27adfa600acdd2592924e114bc56e78ab7a5389d8075b753b9a177a14e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_sqlite3.pyd

Filesize
117KB

MD5
ffb03c18ed0f340fe9d86abaa9eef835

SHA1
d6295d7a100414ce76797c826d2d3c0b4df0c80e

SHA256
1d4e17237a10b68d16634fc9698edf342b40478d92fa15d574d212c7a44b05bb

SHA512
e911ce6e6b5de50696d7e7f14560c90b83c1179a946d2f5ddcf6fcf797c031dc65b42300685e97cfdc592bae5f974cc31c81d2e12994cd9c28d3f67df282dda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_sqlite3.pyd

Filesize
117KB

MD5
ffb03c18ed0f340fe9d86abaa9eef835

SHA1
d6295d7a100414ce76797c826d2d3c0b4df0c80e

SHA256
1d4e17237a10b68d16634fc9698edf342b40478d92fa15d574d212c7a44b05bb

SHA512
e911ce6e6b5de50696d7e7f14560c90b83c1179a946d2f5ddcf6fcf797c031dc65b42300685e97cfdc592bae5f974cc31c81d2e12994cd9c28d3f67df282dda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\python3.DLL

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\sqlite3.dll

Filesize
1.4MB

MD5
35f55e2ad0ae11a273408cfeff75b1ab

SHA1
672bff2dea4351e1245806e6af7f1be5da9dd055

SHA256
919572560c314e46b1dba56418bbb50e1620c0af328aec394eaff580c58f2fc5

SHA512
b84a42b42a710cd5fe91def37207200141a03a8e93488d05099115f16961255248aa74c3a9800a82a0c4eb79348b570ca1a2bfa4e3168b5359ce063a688d26a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\sqlite3.dll

Filesize
1.4MB

MD5
35f55e2ad0ae11a273408cfeff75b1ab

SHA1
672bff2dea4351e1245806e6af7f1be5da9dd055

SHA256
919572560c314e46b1dba56418bbb50e1620c0af328aec394eaff580c58f2fc5

SHA512
b84a42b42a710cd5fe91def37207200141a03a8e93488d05099115f16961255248aa74c3a9800a82a0c4eb79348b570ca1a2bfa4e3168b5359ce063a688d26a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7202\cryptography-40.0.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
de991a17f9eb44df3a30ec2a2afa8f19

SHA1
b4b78506941ebece1f94afb87e17df8f17835bbe

SHA256
ddf305be29d033d2162c820cac4b1768c5c268fd08f866be8b020755155114a4

SHA512
012f6f432e4f8c0f97e99e31023e63135c2152018fd72deda62c344e34fe13b8afa9bfbf9fbc436fb36449156958b144de99d1d9fc306d21512d192354a4904d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
81f0c013f300eb4b957ced9af84a6182

SHA1
9b13c4d6ed6a22c74b63f3bf577e9caade35bc28

SHA256
664795ddc71cf917cb2aef2f781df61a6010307e600a4e8c74fbf5e1d746caf7

SHA512
1043607147760894628da367e706654fd5db4e01ce749827c9552c33dd19999a2087671ddae5aa13159a6baeb1e712ed5d4a9d79b3eef7b463d4d1152b1ffc28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
b987e29f537b15bcbebb8e43e3e2e063

SHA1
affd8d814c7daa0ef6cbe4bdc71bfa93828e5e98

SHA256
808720bcb8e4946349693571c4925c55fbae9fffdd2413b02a07516dc5225384

SHA512
a3184090f1d471eab618a5084ca424d973b935b0dd500a36644db1bb8ef1187f02084dbc1cbe65d27a31041c858810f111a38239dce0f1f220e277fc5d2a55eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
c7831ba8f0d69671370c5cb50ddb832a

SHA1
f9e2d3b1b67efb0ab93c5460c80b516b66f45b2a

SHA256
478203ef567594ef80cb4c0c24f66a116fff7155fad9b212f3a8ce50c49481b5

SHA512
0a688a7c86b8ec87ac667e69b54a20d541de410585ebfc6f4c55c3bb6a581bc6f1f5bbf5f45ba9da3ad9e12f36189cb66ebf4b2334620982fc00ced4b8bf36c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
ea24b90198ef980781b908e7c2e73066

SHA1
7c53b1d81b9fb5cb315b73dd0e32db76b3a3f4d9

SHA256
f11ee3e5597d2cdbefe5e25d5e9021f5fd6039687439cd2ca041c53534bdbae7

SHA512
09c639ddedb9d218c7e5ac5d89a70958551614761103f379d02be2f68710d9468ee10cc05e3946699e2d88b9ce4883e8411b0c8a481434ae6f3037fb1d801f0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js

Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1022B

MD5
d767a5824188b803ec266f7b844081e6

SHA1
7b9d0d43dab788c443f2f20509160c7bba516d23

SHA256
4d8dc8b7853d1ee1566671ed59690aa6fd07b4449fc9fa38aa907f6859d2343a

SHA512
b0cd361a0a9fc202b93269e32434f1690f48b5f8258a879c3774391b53ab1e2b2fbd7edec3e48da8cb5de8fe94b71ecdd67f633d0c69fc256b528613ac5f1756

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
36d1a82da21dd85e39999fa9c7d729eb

SHA1
9d106c40dca408b78aa8fa902161e3b4fc74fa1f

SHA256
bc06396724bbbb0a34e0c08092796bb5522a50a4446a5922d557963efb511947

SHA512
dcd7e42145b673249fb6e11a0c34208d34565afe39ad9932401fbaa3853edb0e0efbeef82228adb681bd42edf347176499f6f1ba3e5b66a326984cca8594f6e1

Download Submit
C:\Users\Admin\Downloads\Synapse X.rar

Filesize
33.3MB

MD5
e930b5a0ce330e5ed01f7b622de434e9

SHA1
a97ff917863676628ca545526671e9ae0348488b

SHA256
418ecdd9961f77925279eddf8fc65da80c2c07bf1cac560b366e1c46746a73e4

SHA512
9b0ca1596433abdde3f660ba1ff0e8c1aea02b14890e6a3dad2bdb7c48fbd0fb2e5ad360f9e6f32cbc1833c43bd3aabea29f8d48ef334129ac6a899dacf40162

Download Submit
C:\Users\Admin\Downloads\Synapse X\Synapse X.exe

Filesize
33.8MB

MD5
a4396940d931375dea7c15ee97dd243a

SHA1
3c92703ef4af2b012334350a883927e831165aec

SHA256
366023e8baed9ff9d37a7ee3bb1d3fca3c32774b2354393d98f5d01db3054077

SHA512
ed986628edf4ba9f702a7931c3d96ba5c82ff9c8963904c08083e3bff7946e5697b25e873837ada8331585ba9bde9c2584b292b5792374fe1ef7629c18b61e0c

Download Submit
C:\Users\Admin\Downloads\Synapse X\Synapse X.exe

Filesize
33.8MB

MD5
a4396940d931375dea7c15ee97dd243a

SHA1
3c92703ef4af2b012334350a883927e831165aec

SHA256
366023e8baed9ff9d37a7ee3bb1d3fca3c32774b2354393d98f5d01db3054077

SHA512
ed986628edf4ba9f702a7931c3d96ba5c82ff9c8963904c08083e3bff7946e5697b25e873837ada8331585ba9bde9c2584b292b5792374fe1ef7629c18b61e0c

Download Submit
C:\Users\Admin\Downloads\Synapse X\Synapse X.exe

Filesize
33.8MB

MD5
a4396940d931375dea7c15ee97dd243a

SHA1
3c92703ef4af2b012334350a883927e831165aec

SHA256
366023e8baed9ff9d37a7ee3bb1d3fca3c32774b2354393d98f5d01db3054077

SHA512
ed986628edf4ba9f702a7931c3d96ba5c82ff9c8963904c08083e3bff7946e5697b25e873837ada8331585ba9bde9c2584b292b5792374fe1ef7629c18b61e0c

Download Submit