a0e1885fb81525a9722128e36fe3bcaceddbff18f6e2f6ea253958c720372eec

Analysis

max time kernel
232s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 20:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

net6.0-windows/lib/VirtualApi.dll
Size

4.1MB
MD5

e3710cbc198551fa6800800820202d5b
SHA1

1fa4486948651eb09b1193f6f66ed8fdb8a9876a
SHA256

730c9a8aca3c2057b2462f0255838b78994527abf78e0e186d211ed00e497df3
SHA512

4e55d15f0c0fafb6075409de9573099e4d39e38e6c9f70ef2a8f25dcf1218fd6ce4ef6908e513dc11cfa9946c2119e3e03f9f7b4a7a8ac32f3759222e903db3a
SSDEEP

98304:huf3xhg2rqe4J3Qbc8g7nj/kPMSFoua5AB34Sr:M9TLNg7njWFoua6340

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Synapse Launcher.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
17	5420	rundll32.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Synapse Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Synapse Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rundll32.exe

Executes dropped EXE 1 IoCs

pid	Process
1796	Synapse Launcher.exe

Loads dropped DLL 8 IoCs

pid	Process
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe
1796	Synapse Launcher.exe

Themida packer 16 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral18/memory/5420-0-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/5420-4-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/5420-2-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/5420-3-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/5420-5-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/files/0x0007000000023717-754.dat	themida
behavioral18/memory/1796-764-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-766-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-767-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-768-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-765-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-769-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-770-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-771-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-774-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida
behavioral18/memory/1796-778-0x0000000180000000-0x0000000180ACD000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Synapse Launcher.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
16	raw.githubusercontent.com
17	raw.githubusercontent.com
114	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5420	rundll32.exe
1796	Synapse Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5420	rundll32.exe
5420	rundll32.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
6072	msedge.exe
6072	msedge.exe
1044	msedge.exe
1044	msedge.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
4368	identity_helper.exe
4368	identity_helper.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2780	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2780	taskmgr.exe
Token: SeSystemProfilePrivilege	2780	taskmgr.exe
Token: SeCreateGlobalPrivilege	2780	taskmgr.exe
Token: SeRestorePrivilege	4864	7zG.exe
Token: 35	4864	7zG.exe
Token: SeSecurityPrivilege	4864	7zG.exe
Token: SeSecurityPrivilege	4864	7zG.exe
Token: SeDebugPrivilege	1796	Synapse Launcher.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe
2780	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1920	1044	msedge.exe	119
PID 1044 wrote to memory of 1920	1044	msedge.exe	119
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 2140	1044	msedge.exe	120
PID 1044 wrote to memory of 6072	1044	msedge.exe	121
PID 1044 wrote to memory of 6072	1044	msedge.exe	121
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122
PID 1044 wrote to memory of 1216	1044	msedge.exe	122

cURL User-Agent 2 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	17	curl/8.7.0-DEV
HTTP User-Agent header	114	curl/8.7.0-DEV

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\net6.0-windows\lib\VirtualApi.dll,#1
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5420

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8995546f8,0x7ff899554708,0x7ff899554718
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,323360433854393152,8401932394003926337,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2
  2⤵
  PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3456

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\EasyExploit\" -ad -an -ai#7zMap29123:84:7zEvent22736
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\Synapse Launcher.exe
"C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\Synapse Launcher.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
6dc076cfbd9ef798284113627acaca70

SHA1
1fdb71a55082ccf7f393727397db6942ddbbb624

SHA256
2ae7de9bbc9a27eb21cc494f1c3fff2e2d26abf5f990e2f085bd34d9e79dfa3f

SHA512
5d15dece16c9581ccd1319de30adf99cebc57d174642a602124228496b32b0fda3e6340932665a745fa839a14411dad5f32845b4eef98bb676677be1c3346cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1001B

MD5
7553d5f3b878832c3f38dd73424c3ac5

SHA1
a1c32ae6f64a3d5e5387127d934726bd862ca66a

SHA256
ec67e1691243ed86f61ae1f1970c6554c5b4c0236aa6d1eb9801606ecd2758b2

SHA512
48fd4bc09a24f5b23cee644354c8d81a54b5cf6b8d3d2a567c42409ca21f602d46bfbba74885e0d6666937385c3624b23ac5f42aa786bb8d04b8cb6d44d72052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51f278d726b425558e2b76a26e52f4ce

SHA1
b8c9cfe0e50599de76c14abaa130264796c37348

SHA256
9c2e3a2525b41e54147af984bf2c717629b31a014dcb89b05112b95c5e03a49d

SHA512
171ec8b39d62ef4fe8e769b2c908b7ab32d8d2d1a96342f6bbadd8e254cefcda0087e927bf6c0ece22b1b3d183e2e839bb047127252409f9d14851dd3a09b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbb9fe4435fe1ffa4d2ff3b5c0d89e94

SHA1
d2b70c180ede8343795d4473b0c803db9293054e

SHA256
bd1e57c04455f66a90d6536aa4f20b5c5bde73f7757840ec8f006bee8fc06f05

SHA512
599c8b67e7acf3d3c82718a5fa57f56a8e7200e7b7e6643c53240a5eaa5f37abaed03f81d3f3ab195ac50a839a97e78136fd641dcea087cb0de9f8d1760ac770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ab4f7d5748d0d76db751594b149f305

SHA1
147785942a8d03d01c5f272859e710a25ed7b1a5

SHA256
ef76b1d8f0f53e6644b3abf4489b2a01225aeb7184395341b7047fa278f280b9

SHA512
fac94ac30a9fc125c1fb12884484f610f55412ee0b943c0e095aac84cfc8d01a3e57ee593af857142f51f8284c2267864270cbbe3f8d7b29ff06fc780c73aa48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c38af7641acfff5e4d7af401d90cd28d

SHA1
3933ce3ae12cab2014b51911d0387fd4bae5f1cb

SHA256
c06f03e7db862bfcc72aa76d7baeb0cf7d5fc64a8ebfef408df13b1cb1a1f2ed

SHA512
fc8797c4d8a1b98423f1c7e283ddca8157005090a174a594bda14df75eb4b597b43b775f9e420b6bba756e9f742263aac96910f63c4353cf3cb4dfdcd0b17ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71ccd08e42446c6ca953931d3144a1a0

SHA1
0cb0dbd0f7f38bc4ed65a2bcfa1ea8eef4f872e5

SHA256
e3c60fda69e6e035cb94556645bb414df5e3c2c3430f79f7dcb107db032fb24e

SHA512
bf9c39bd37499d83ec3fec7ceead39ee9d9892dce4e54dccc4c5e96106a9e8b41cc6a5310ea8deaa5321ae688a47cfdfb718938458579060990e7957c1451973

Download Submit
C:\Users\Admin\Downloads\EasyExploit.rar

Filesize
13.8MB

MD5
471e2ac23078830600bf47ce591ff1ce

SHA1
126c429aee788ee262d1378ae83c186eae241793

SHA256
a0e1885fb81525a9722128e36fe3bcaceddbff18f6e2f6ea253958c720372eec

SHA512
f4c82fc1c521647efc3a54ee2ac36da26d0823d75431181ad112395923e59e35a477c8154861f5685cf60981069c78a758bfc5a1767b4b8b8afce84edb25e3f4

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\Synapse Launcher.deps.json

Filesize
5KB

MD5
2118179ef143a62cfdfd24a521924413

SHA1
cc74e086855c96177362462afa9cd8665efd72c3

SHA256
d12b40f3e40f10f37f631ff80e65f9c8230ce8f5ec16a2b7f7342ec0d97b0333

SHA512
ea3cfffece1a27b9cb9f219fc11ce3eeb2b76baa7fa6965e3aa586e862c8b2e4126e4778c51bd90b79b689d962325f0b0f33bd72886871ec49760119d8a1eabe

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\Synapse Launcher.dll

Filesize
2.3MB

MD5
f553d4c216830a6fa652526e17b472ad

SHA1
37a34b396060da64ccb892b6efcc6d48ef4456cd

SHA256
1527753d9fd361ff1950ea5208e7020615d6f3344fc0acf420f531c7900c50a5

SHA512
a801fafd50c3f777d8e48278fbff094288c7e562c2c0bee66085e877b268c66665f2490a3f56d5f5773b075cce5fd9c7eb5be41fbbb83ec8f19155c2a5f3e7b4

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\Synapse Launcher.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\Microsoft.Web.WebView2.Core.dll

Filesize
760KB

MD5
1901b4219adc066f3920aaabce33a929

SHA1
b6189bd755232d5e9c2dd04ae3134a08b3fa9475

SHA256
e07e183025a4946d4111b7e410b84bac5dc437b78cc92f98977aab59a464205f

SHA512
4d107dec00ce360b195ca68c62221466974e9320d3f51493bded1629723b8e320af318ab5d8bd3274a363ede33c1a5eba713f20a00203f23dc4d563027f6d713

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
9f744fb8ccbbc95054643a81a3e9f896

SHA1
075202e07053b0a97a6c50462abd87b6fe4c3fb6

SHA256
00c21b95e9e8c9d3ace56c4d0c77f03c7dac331ee272fa3ab21ee8e6bbf96d28

SHA512
ba59e774ef0e1e9c0147d254ed88ffa5b0b42629996da572ef97bc276e3541568672de6d3c26b9142cd0cddd7e4014ea3a5ee4d22493c3ce9b464edfd9ba7f7e

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\Newtonsoft.Json.dll

Filesize
695KB

MD5
adf3e3eecde20b7c9661e9c47106a14a

SHA1
f3130f7fd4b414b5aec04eb87ed800eb84dd2154

SHA256
22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

SHA512
6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\PagedControl.dll

Filesize
45KB

MD5
e8e69786645597510317e1cb775e2344

SHA1
3a9078acde00f02d65e38e78572f51b13882913c

SHA256
88e543039146ea173096b7f3109c7040d9c32cb9f7a749e46b11037c4b639c33

SHA512
b9d2951810200d9fa5c25ab7d2d3487b497fb74d94960b6930a2bb27d5396205b953e3ce322ea98b15613e4cf1f0cd8f5c7c8d63b92cbbdd8706a2d1af5cc2ff

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\TabControl.dll

Filesize
66KB

MD5
d133bc61af9146b21083f93cd7972efb

SHA1
4723a9368302d1df63f278d6f6b53d55c040b6a4

SHA256
adae07f028c67901ce68ad393ef34c03ee0bf24443b807a73506aa5f72ca358b

SHA512
38f4140ac58bffd30009ba5cbbfb91f60f04b9c9eec45416db57586208cf8af08e6b475975e8ddcd7260bb4f8c09280bac80675fe0e314ae42feebe26dfa09f8

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\VirtualApi.dll

Filesize
4.1MB

MD5
e3710cbc198551fa6800800820202d5b

SHA1
1fa4486948651eb09b1193f6f66ed8fdb8a9876a

SHA256
730c9a8aca3c2057b2462f0255838b78994527abf78e0e186d211ed00e497df3

SHA512
4e55d15f0c0fafb6075409de9573099e4d39e38e6c9f70ef2a8f25dcf1218fd6ce4ef6908e513dc11cfa9946c2119e3e03f9f7b4a7a8ac32f3759222e903db3a

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
c225ce75e753b35f98913fb6abc146ec

SHA1
a511459958121085cefdaef1104e5f101182d012

SHA256
a2efd0b3a894e9b02bf1396d85bda73dd4d05fb49347c2252e26483a1d70a90a

SHA512
1750a6b86de5b7c75a7195c6a5926f93eaf0dc06d05a70ec4dcaecbf0ca81b701141ee63ceb8e72a1106a9da3b64f5084538c9f72850c7257ec86e12fa5804df

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\WebView2Files\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\libcurl.dll

Filesize
546KB

MD5
2024156665356070ea193498d076ea7e

SHA1
304fd6c02e788ce55404560e88ecc45d78961d1f

SHA256
815e4160ca9fcf4f6bf2b44b004a35cdb5988103d1204102eb7320ce2146a9bb

SHA512
dec6441fe2fe25e5c2bce8f916d58d3be2bb218f2e82d27e346bce5100caac239c484f4e10f0fdfdc152fda209b066ac04d89b62bdcbe5cfe0393734beb16962

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\settings.txt

Filesize
59B

MD5
8bda164282cd6f908cf88856d1b86356

SHA1
01a01c88ec07c5918ef516cdd2b2a74642e28adf

SHA256
60552584ce6a19bb59b9456db8c479e5860e801a6f78cabe5d62e9437a9fa3fb

SHA512
f85a4edd0d3373209c11cda2d5b95c4c97c0ed64bbb199835d06085787a86348f0e5910ce9959e5a91b3963e0910dbc93a6a5363b487190fcac7857716f38f37

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\tabs\Script 1.json

Filesize
83B

MD5
c56976cfc33507a70e39c4e1f87da0ad

SHA1
5b77cc4653fa21d5f4e4673740aca29e3d5ce7f5

SHA256
abe9d4aeb8efb7fab457aaafe66da1c8ea85912eba36b8f119ec541bf6b98a5c

SHA512
800f0bd5d030039874fd1b9c2efe87aed9097393394177f5ef0a8a7cd12a3ff6fd4aa011a7fb6f54c998b93b88e2b741ec3b4baa5ccf864ba243bd662b328ecf

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\xxhash.dll

Filesize
45KB

MD5
fd4a9c28c2b7b7f7cae985eed789f0ce

SHA1
44b51dd9a141f3dfcc090549e6c90071f8b55fb4

SHA256
dc354e7ea9046cadbed8645e4666975a523463500c877574f8e8306d958b7304

SHA512
b3ae3d523a1a2de93f05cfa856ac6984d444ee5180f862f0046be3acd02fb499400909449c7e47f764aea2d7d3863e42c7029b0cfc8803b79a91c9f56f3b8bc1

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\zlib1.dll

Filesize
87KB

MD5
46b86e47c082b3ca753e264538c6b9ba

SHA1
aafa06e387ab9eddc120de3fc0127332cdb8fe1d

SHA256
cf0bf2746b40710452df596fabd497df250f7693db652c13971aee7c69226c18

SHA512
31a396fe4349c81067f1936b92e68b058dea5fee2faf972c3bb39d7e2c6ce48292eac5bbc5b43545e07e8aac03f299fb504bfe651b3e432b64e302c651f3d81b

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\lib\zstd.dll

Filesize
639KB

MD5
91032907f8dc67be99885b0b1169837a

SHA1
63b6cd2442d68907ae64bdf72095ad08f0b4d00e

SHA256
ab04353fdcf07994a048ad4dbec1579436066f047fdd63d36e4e29f4b1dd6a2b

SHA512
83ab14249829f9d98d41363a7a6b5b7be8dfda5f51a017145da7930e42cc9de2ce79a524960d115dc533343b62bfdefdce817d95d0c779687e5ee15f2347856f

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\runtimes\win-x64\native\WebView2Loader.dll

Filesize
161KB

MD5
243daecda6af75e315943dd441328363

SHA1
7a69372408f3b13f7a4d1e2cec9de60cfe73c6c3

SHA256
5b502aeebf673ada801efc79875a4ca2c1b412f23e04a62454738672c1ac446c

SHA512
8765ef90b38549e8a5a1a20fc0c431e7e9ea48ad341221388de7ede7685deba28124950b5766549d754554e8025077d1b59e3b5e04dc9906aed154e40f751fcc

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\theme\theme.json

Filesize
3KB

MD5
83eed9ff420e85ecf36c38f0f0646385

SHA1
04d0c0b194de4b3b647569ee3014d68c68d894c0

SHA256
b9572dedd840238a72988ed1664ebb5af010cdc6e4d617bdf43f642fc38b64a8

SHA512
a7a7a7add37e7a6762a8bb41a2245b4dfd64e5ba824e77945964c47baa81f1506193ecdf8a9f647091ae899321eed854075f3ff2394369562bda8780b5c14357

Download Submit
C:\Users\Admin\Downloads\EasyExploit\net6.0-windows\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
\??\c:\users\admin\downloads\easyexploit\net6.0-windows\synapse launcher.exe

Filesize
367KB

MD5
8461d2adc84bc31f16bde8e59aa946a4

SHA1
446b6d78fbaa6dfeeacda9b86b4e64b6d573aa8b

SHA256
9153444a39f82810fd19f2bae2fa07dfba9293c5199c2de7b005973dedcafa4f

SHA512
5cdb0c0ccadb820ae767db5ba3f2afe220c26da8cfc95fca2d69a28fd0f475b07d02c44b40d525a8fea3e27ee1c0e395534bb825486cec4380bbfd9fc16b9d61

Download Submit
memory/1796-766-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-764-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-769-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-770-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-767-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-768-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-778-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-765-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-774-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/1796-771-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/2780-17-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-6-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-16-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-15-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-8-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-14-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-13-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-7-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-12-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/2780-18-0x000002DED9C50000-0x000002DED9C51000-memory.dmp

Filesize
4KB

Download
memory/5420-5-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/5420-1-0x00007FF8B7610000-0x00007FF8B7612000-memory.dmp

Filesize
8KB

Download
memory/5420-4-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/5420-0-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/5420-2-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download
memory/5420-3-0x0000000180000000-0x0000000180ACD000-memory.dmp

Filesize
10.8MB

Download