hxxps://filedm[.]com/s9C5b

Analysis

max time kernel
396s
max time network
402s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filedm.com/s9C5b

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
1388	Synapse X Free - UWP 2.598_94351.exe
2752	Synapse X Free - UWP 2.598_94351.exe
592	setup94351.exe
1648	setup94351.exe
6032	setup94351.exe
5256	OfferInstaller.exe
5524	setup94351.exe
5592	Synapse X Free - UWP 2.598_94351.exe
5744	setup94351.exe

Loads dropped DLL 64 IoCs

pid	Process
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6084	4748	WerFault.exe	154

Delays execution with timeout.exe 5 IoCs

evasion

pid	Process
5472	timeout.exe
5712	timeout.exe
5784	timeout.exe
2000	timeout.exe
3904	timeout.exe

Enumerates processes with tasklist 1 TTPs 5 IoCs

Process Discovery

T1057

pid	Process
5332	tasklist.exe
5680	tasklist.exe
5732	tasklist.exe
5828	tasklist.exe
1240	tasklist.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Synapse X Beta Release.exe = "11001"	Synapse X Beta Release.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	Synapse X Free - UWP 2.598_94351.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	msedge.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup94351.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup94351.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup94351.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	setup94351.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup94351.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup94351.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	setup94351.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup94351.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 570464.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5976	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
4460	msedge.exe
4460	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
3512	msedge.exe
3512	msedge.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
1648	setup94351.exe
592	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe
592	setup94351.exe
1648	setup94351.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	592	setup94351.exe
Token: SeDebugPrivilege	1648	setup94351.exe
Token: SeDebugPrivilege	5256	OfferInstaller.exe
Token: SeDebugPrivilege	5332	tasklist.exe
Token: SeDebugPrivilege	5680	tasklist.exe
Token: SeDebugPrivilege	5732	tasklist.exe
Token: SeDebugPrivilege	5828	tasklist.exe
Token: SeDebugPrivilege	5744	setup94351.exe
Token: SeDebugPrivilege	1240	tasklist.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1388	Synapse X Free - UWP 2.598_94351.exe
2752	Synapse X Free - UWP 2.598_94351.exe
2752	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
2752	Synapse X Free - UWP 2.598_94351.exe
1388	Synapse X Free - UWP 2.598_94351.exe
592	setup94351.exe
1648	setup94351.exe
5592	Synapse X Free - UWP 2.598_94351.exe
5592	Synapse X Free - UWP 2.598_94351.exe
5744	setup94351.exe
5592	Synapse X Free - UWP 2.598_94351.exe
1648	setup94351.exe
4748	Synapse X Beta Release.exe
4748	Synapse X Beta Release.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4416	4460	msedge.exe	33
PID 4460 wrote to memory of 4416	4460	msedge.exe	33
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 4312	4460	msedge.exe	83
PID 4460 wrote to memory of 220	4460	msedge.exe	82
PID 4460 wrote to memory of 220	4460	msedge.exe	82
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84
PID 4460 wrote to memory of 2792	4460	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filedm.com/s9C5b
1⤵
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba10746f8,0x7ffba1074708,0x7ffba1074718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe
  "C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1388
- - C:\Users\Admin\AppData\Local\setup94351.exe
    C:\Users\Admin\AppData\Local\setup94351.exe hhwnd=720980 hreturntoinstaller hextras=id:--
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:3956
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "1648"
        5⤵
        
        PID:3932
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 1648" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1240
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:3904
- - C:\Users\Admin\AppData\Local\setup94351.exe
    C:\Users\Admin\AppData\Local\setup94351.exe hready
    3⤵
    - Executes dropped EXE
    PID:6032
- C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe
  "C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2752
- - C:\Users\Admin\AppData\Local\setup94351.exe
    C:\Users\Admin\AppData\Local\setup94351.exe hhwnd=721388 hreturntoinstaller hextras=id:--
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:5256
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
        5⤵
        
        PID:5648
      - C:\Windows\SysWOW64\find.exe
        
        find /I "5256"
        6⤵
        
        PID:5700
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 5256" /fo csv
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5680
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        6⤵
        Delays execution with timeout.exe
        
        PID:5712
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 5256" /fo csv
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5732
      - C:\Windows\SysWOW64\find.exe
        
        find /I "5256"
        6⤵
        
        PID:5692
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        6⤵
        Delays execution with timeout.exe
        
        PID:5784
      - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 5256" /fo csv
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5828
      - C:\Windows\SysWOW64\find.exe
        
        find /I "5256"
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        6⤵
        Delays execution with timeout.exe
        
        PID:2000
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:5192
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 592" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5332
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "592"
        5⤵
        
        PID:5344
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:5472
- - C:\Users\Admin\AppData\Local\setup94351.exe
    C:\Users\Admin\AppData\Local\setup94351.exe hready
    3⤵
    - Executes dropped EXE
    PID:5524
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:5184
- C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe
  "C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5592
- - C:\Users\Admin\AppData\Local\setup94351.exe
    C:\Users\Admin\AppData\Local\setup94351.exe hhwnd=262792 hreturntoinstaller hextras=id:--
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1505931127986695002,1719562606136006796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
  2⤵
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5632

C:\Users\Admin\Desktop\Synapse X UWP - v2.598\Synapse X Beta Release.exe
"C:\Users\Admin\Desktop\Synapse X UWP - v2.598\Synapse X Beta Release.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 2356
  2⤵
  - Program crash
  PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4748 -ip 4748
1⤵
PID:2096

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:5356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
bd5436470d043d7fad544a1007c5ce19

SHA1
3191f3fd532cd30d484b99d96f85d712c599c86e

SHA256
188647b7417b6145b8238eb5b811ea42278f723ab568fc89aa0b838a36f0aa4e

SHA512
6303ac1f418ae2d988da4ab62e37a88d026ddc04d50e5fe02d13b5995b516d98f6c1590cb4ffb26ef95dfdac184f6b7891df1b334bea6e041f2348c17dc9d5f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\67AEE4151C4FF26BF17261A9538D4803_AE02B7A5257C8446CD0DB659EED812F5

Filesize
471B

MD5
58b577c2f2a16a54fd20efe7946e1c0a

SHA1
ed444679a2e1bd70b31b67626b662fa00f8a83a0

SHA256
278179ff6c7685fe10d100be46df68b575a4aa5e73bf1d00b792d86e82867b36

SHA512
ff1b494fec412953a552c0fc3ab3da812af6921ed8fd658b02cf85002758d42a7606f7b963ec5b3442b2b9c9fe64c950c924e4957b18ac466825a20225deaf6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13

Filesize
724B

MD5
27ff5ca88de13b04af3d31490d8c308e

SHA1
35e2ce253a77914301c2e8a7467f1f1660426e21

SHA256
3b4eabddc9ec51d962c222f17405506efd49d49d56efe520f26c47d69aa884a5

SHA512
e7e242a30a47d0cd5874cd6c189ba8473a50358830b59a38c414a1013a22bb533ee2402c81667ff9ad37fbc6dec15aec021a227b9f95050827aeaf73b237a53e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4e0fe7728988209cbff8652b43a60c95

SHA1
ef233ba84b05996ff574d471b7e26f977428deca

SHA256
e625528ac144dcd468d3040bdc801b6aedface4d7b8af8ab47fc402e3d99c60b

SHA512
acc302cb6de3fd7ec58d7cfb8652c0a0834b13de495759e44bf38a18178d635ab9c0932a053353c6946d879ac2c7c6dfbe08d3d397c92d0a0d0e0f250007653a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4e0fe7728988209cbff8652b43a60c95

SHA1
ef233ba84b05996ff574d471b7e26f977428deca

SHA256
e625528ac144dcd468d3040bdc801b6aedface4d7b8af8ab47fc402e3d99c60b

SHA512
acc302cb6de3fd7ec58d7cfb8652c0a0834b13de495759e44bf38a18178d635ab9c0932a053353c6946d879ac2c7c6dfbe08d3d397c92d0a0d0e0f250007653a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\67AEE4151C4FF26BF17261A9538D4803_AE02B7A5257C8446CD0DB659EED812F5

Filesize
442B

MD5
11c97728929266e588659123bdb366cc

SHA1
4978a084fe51da4dcb81a59b0e138b8461db5076

SHA256
7baf83df9e35a3911fb48c419acfedcd2b68d0ed4e8f5d43e121d9810376d8d3

SHA512
2e2c8803fd7f34c54bdec21cb232293cd4b9ac6af03f2b3b93507e4bd649189a4334426ff0db358e36f14fa45f697e41284d009cd8c2a4f9aef54253c6996e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13

Filesize
392B

MD5
3214423be0f57ebaf903b684fd8fa632

SHA1
f712452dc4e6041aafa6dc790ba3bf51edc2d577

SHA256
ceab10cd9682082c5f7523bc126a8ef9e974f126102b33812c7441aeb25437b6

SHA512
601fd688d27af6c286c4880660e9bbf97ef9f487aa6b5632cad9145cf2d0109e6c0721f35a53e7c82c3b8b990d900b1ceec9bf8600d1a65e2300ad8149b17784

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13

Filesize
392B

MD5
185e15d5d25657db7bcc42d371906ec4

SHA1
2d3f9a53cfae732bd4194174399f4177b323c9bf

SHA256
d02c0f34c1cc61696fbcadfe4b347be7ca5a163b81787f3f60e692f5a5be0da0

SHA512
5310ec10da9970e6b0d721dcc23e186b31a6f99d36c683fb447808329579df372afea6d6d3627253247bb43b401c6eb0acb997db14d721391f4059a0f4a443f6

Download Submit
C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\24fnnory.newcfg

Filesize
798B

MD5
f3da41e2f01ec12a28efa662df2fa963

SHA1
9760227f497132829ec34fffec6184969043bba1

SHA256
a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2

SHA512
ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
9e54c68557fd8e7ebf6f7cf3dbf128a9

SHA1
48041cf1cc221ce889d89da3640371b48cb91e55

SHA256
a68535d0b8ced4ec153b42766953d67169aef9eaf130d8211f49e9d77204d9bf

SHA512
6c7591cc4da255e024c047fe32910b1bb6cf2863873dcac448432d9c30c958657f51c527ee489c180537c0bc067a76b1598846c8649229b77105ce79badf5d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e1de64cf281f6e23c817428f08ef179a

SHA1
dc9c8e6244822881a59b4e910f1dc12080d92928

SHA256
c02031a85023c2812dba32ee908081b80de431360e07de195678991d9c032606

SHA512
f644d8c94fcbdda130e7114f82abd2c1230b4bf6e3b7bebbb4e632a81c226aac188175d4fbec957ea9162a4ed30571c502a943673774f83c82adea06e175518f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db5b08c0dda257551f160184be2ed5d0

SHA1
f9a932a1106fd36858ddbacdc3bd73ac835cdb7f

SHA256
1d87bb7308d9171a7a3cc56d4d71386bc492b757a12d3618d3cebc65b49bbe0f

SHA512
ffc955454b5c957c7fd485fc6b75b3445429f1869ec7c95a9f42827efe60515fc3ace890cb9bbe2f71fa5beda824ff5726c8b837f250696355f329b8522a46c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2aaaf15b10b4d5306d23e82256ffecab

SHA1
16193526d0170883092610938225fa3be779e4ee

SHA256
49eab287d83a05ea3e938d0bc467d0e9e410b41a3d36c905f22f95041c9f5f93

SHA512
d3bc6b3876a7abc045db6e21c0cbeb39284bd1f66333a50b892c842503fb0bb6e04c21783d9419c04047a6cc1f98ce6e9caef96f0c97b5b3f2659d21a62ce86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e01749176b1bfad4637a901bc265e31f

SHA1
e56cd2c9e48e8cf55b050474a25d8b0c97b5f1a8

SHA256
59830f28d302ccd75f1ef366ab5f32cc7c158a76d8fcd57831de3a96d6e4c772

SHA512
b347ee38f7d3be518186bcd447469dcc586d8bb74ce7b7efc7a6c9be84b6666e075440188fdd2fc0342832f95eb37e585142339646de678b028bf2e2276b1db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
50ddfb03e2d25f10442bc31eb11a68e4

SHA1
3a45a13ea94335fafcf11d4f3e202259ed4dbe3a

SHA256
481fe38c954c27db67ae901b81f09d04361d2f96e14f522665f95aa5112c53d4

SHA512
ebf200ad902b797b73c9b1dcfde98be0585c11819cc7a25abb79e5af06d9b9f55e1882fd9a8ff9cbf427cd687902b893f016711cc9dde72317ff7a821a11d9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0524aa68692c6ac7e8ee0c851a3fbc37

SHA1
578a73d7ce38920e20dc91688216c5d29e30e0a6

SHA256
f7d97ee144088ca592bf39a4e22f2662bf5fd482ee0426ad73c7ebf5ca3b6dd9

SHA512
a98e2608fe89eb60c4a28e5408064b19b4846651b4260c1f8f1a9908eb86ee369949daa3893d2b8d9de9d24c90d891bb1aea7311748390fb77466e0777487380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d0f8d3fdd4a8b25abdd25664defff719

SHA1
8e3ca69e592e6e28214cbb6975e9fc4f88d260d9

SHA256
5f200d03cd21064eaaa00c90d35301cb8f03034c243a33abaf4ce22a0efe68ed

SHA512
6688117d86423811258af6730508f80be1c565e74eaa41aa5affbe090acbca0ca94b73a33c098e183f9e28945970e3b1fa3324fe128d2eac1c56f83848b5eb46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
ccac9ae6d35a31f551be8347e04ee0e9

SHA1
73d31beb47ef02c1da3cebd7fe843f7a1a13b0eb

SHA256
dd341517c581067e7e7b64f4981485a0ec4542e5b9c207dd69fa24caa344555c

SHA512
a791ddb990a7d37b106ca8b5bef6fa6228b1e88dbc888cc4274d5d88fe2cdcc3965f096d8881b9e4f6c8213bde7a8446fe496c273660288209fe50b085025fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
ef2b2caa231c0970de15f5dc58fd8329

SHA1
311cdc1c3288ae84881319daf0ff96fb76c3e864

SHA256
560f0c6e1857410ba7c17a3f66cbd56eb884c9a2b49473761689f0c78066a13d

SHA512
32197d2b595d2343ecc9595685e747ca45156f88cbb12c7675be3f159eacf36e575cb8b47f6f2a2f7b0fa5a060bd86888b7eb54ac11b6fd73c2f0911f4bbac10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0c8f17d9bb9ec454bd1d181ca9cf63d0

SHA1
2362769fda06a528b82264be4dc5f8099ce40701

SHA256
51a195eef24a732067300fff9f5301bd34fcda6d186de2b4aa6e71e833124299

SHA512
62002014334ed5b97456094a9d187700b10d180723b71456310af1ab7b1ac78cd7f7de709ebc294a00fda23ee26b3e494efc1ad475126ef67c987ca930d50828

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

Filesize
1KB

MD5
9ba0a91b564e22c876e58a8a5921b528

SHA1
8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

SHA256
2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

SHA512
38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\setup94351.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Local\setup94351.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Local\setup94351.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe

Filesize
9.4MB

MD5
aca1a326fcab5bb042a1b51877192e69

SHA1
1b64317b58732bff20a78e103aaec5a8883aa102

SHA256
1a721347382b9cc7415a8fd9ae1b8ca257ff4bf3fb73aae51e66bf6c4d9b5349

SHA512
69d5b5bad9f46e38f6c0098739e7e71316f933593f398137de0be88b6e5734022b2db5d7709c1f4036be609f089ae31bfaa141532a5639cd053828540f96fbc7

Download Submit
C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe

Filesize
9.4MB

MD5
aca1a326fcab5bb042a1b51877192e69

SHA1
1b64317b58732bff20a78e103aaec5a8883aa102

SHA256
1a721347382b9cc7415a8fd9ae1b8ca257ff4bf3fb73aae51e66bf6c4d9b5349

SHA512
69d5b5bad9f46e38f6c0098739e7e71316f933593f398137de0be88b6e5734022b2db5d7709c1f4036be609f089ae31bfaa141532a5639cd053828540f96fbc7

Download Submit
C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe

Filesize
9.4MB

MD5
aca1a326fcab5bb042a1b51877192e69

SHA1
1b64317b58732bff20a78e103aaec5a8883aa102

SHA256
1a721347382b9cc7415a8fd9ae1b8ca257ff4bf3fb73aae51e66bf6c4d9b5349

SHA512
69d5b5bad9f46e38f6c0098739e7e71316f933593f398137de0be88b6e5734022b2db5d7709c1f4036be609f089ae31bfaa141532a5639cd053828540f96fbc7

Download Submit
C:\Users\Admin\Downloads\Synapse X Free - UWP 2.598_94351.exe

Filesize
9.4MB

MD5
aca1a326fcab5bb042a1b51877192e69

SHA1
1b64317b58732bff20a78e103aaec5a8883aa102

SHA256
1a721347382b9cc7415a8fd9ae1b8ca257ff4bf3fb73aae51e66bf6c4d9b5349

SHA512
69d5b5bad9f46e38f6c0098739e7e71316f933593f398137de0be88b6e5734022b2db5d7709c1f4036be609f089ae31bfaa141532a5639cd053828540f96fbc7

Download Submit
C:\Users\Admin\Downloads\Synapse X UWP - v2.598.zip

Filesize
8.3MB

MD5
57cd6e32b00a0d8cdf4c21419ed5f4e1

SHA1
64bf0c8bbc10c47438a718bf05ba7699c3676307

SHA256
d7c9221a81d8c2e099861cc70d58b6033df2c12abded17235abe2c54241ee313

SHA512
aa6a03aecc471baf3467e07b18db62d738e61dc9713ca62d693e6445b0f01eb33fe4944b25dd4310c6a22fbb8b9b896ed8ba14b7e34c8e11a2c01882cbdaf052

Download Submit
memory/592-420-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/592-600-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/592-486-0x0000000006010000-0x0000000006022000-memory.dmp

Filesize
72KB

Download
memory/592-432-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/592-408-0x0000000005710000-0x0000000005724000-memory.dmp

Filesize
80KB

Download
memory/592-456-0x0000000005850000-0x000000000586A000-memory.dmp

Filesize
104KB

Download
memory/592-419-0x0000000005760000-0x0000000005784000-memory.dmp

Filesize
144KB

Download
memory/592-565-0x0000000006650000-0x0000000006672000-memory.dmp

Filesize
136KB

Download
memory/592-428-0x0000000005790000-0x00000000057B8000-memory.dmp

Filesize
160KB

Download
memory/592-570-0x00000000075C0000-0x0000000007B64000-memory.dmp

Filesize
5.6MB

Download
memory/592-573-0x0000000008130000-0x00000000086E4000-memory.dmp

Filesize
5.7MB

Download
memory/592-441-0x00000000057C0000-0x00000000057EE000-memory.dmp

Filesize
184KB

Download
memory/592-466-0x0000000005950000-0x0000000005958000-memory.dmp

Filesize
32KB

Download
memory/592-629-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/592-595-0x0000000006F80000-0x0000000006FAE000-memory.dmp

Filesize
184KB

Download
memory/592-463-0x0000000005880000-0x000000000588A000-memory.dmp

Filesize
40KB

Download
memory/592-602-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/1648-383-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/1648-459-0x0000000005670000-0x0000000005694000-memory.dmp

Filesize
144KB

Download
memory/1648-601-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/1648-612-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1648-469-0x0000000005720000-0x000000000574C000-memory.dmp

Filesize
176KB

Download
memory/1648-384-0x0000000000840000-0x0000000000C18000-memory.dmp

Filesize
3.8MB

Download
memory/1648-769-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/1648-564-0x0000000006480000-0x000000000650C000-memory.dmp

Filesize
560KB

Download
memory/1648-569-0x0000000006470000-0x000000000647C000-memory.dmp

Filesize
48KB

Download
memory/1648-587-0x0000000006F00000-0x0000000006F92000-memory.dmp

Filesize
584KB

Download
memory/1648-449-0x0000000005590000-0x00000000055B8000-memory.dmp

Filesize
160KB

Download
memory/1648-452-0x0000000005600000-0x0000000005632000-memory.dmp

Filesize
200KB

Download
memory/4748-907-0x0000000005020000-0x0000000005096000-memory.dmp

Filesize
472KB

Download
memory/4748-910-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

Filesize
64KB

Download
memory/4748-917-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/4748-916-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

Filesize
64KB

Download
memory/4748-915-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

Filesize
64KB

Download
memory/4748-914-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

Filesize
64KB

Download
memory/4748-913-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/4748-912-0x0000000009410000-0x000000000941E000-memory.dmp

Filesize
56KB

Download
memory/4748-911-0x0000000009430000-0x0000000009468000-memory.dmp

Filesize
224KB

Download
memory/4748-909-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

Filesize
64KB

Download
memory/4748-908-0x00000000091E0000-0x00000000091E8000-memory.dmp

Filesize
32KB

Download
memory/4748-906-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

Filesize
64KB

Download
memory/4748-905-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/4748-904-0x0000000000340000-0x00000000003A6000-memory.dmp

Filesize
408KB

Download
memory/5256-617-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/5256-615-0x0000000000A00000-0x0000000000A0C000-memory.dmp

Filesize
48KB

Download
memory/5256-616-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/5256-638-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/5524-632-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/5524-634-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/5524-633-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

Filesize
64KB

Download
memory/5744-771-0x0000000005210000-0x0000000005220000-memory.dmp

Filesize
64KB

Download
memory/5744-766-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/5744-700-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/6032-590-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download
memory/6032-591-0x0000000005640000-0x0000000005650000-memory.dmp

Filesize
64KB

Download
memory/6032-599-0x0000000071710000-0x0000000071EC0000-memory.dmp

Filesize
7.7MB

Download