skuld | 47736ab0086f8fff2e922aa17512a0659832c308b723efbceee35f93d31091c1

Analysis

max time kernel
204s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

synz_newest_9-28-2024.exe
Size

9.9MB
MD5

021614fb40506a29c35d4beb8e9a257c
SHA1

184f16ab0e17eb3b9504eb57f8aa4f3aadf86ce1
SHA256

47736ab0086f8fff2e922aa17512a0659832c308b723efbceee35f93d31091c1
SHA512

d6aab770ebc21c283e5188745df15a1247b83ad4f1695ba659ff7d03d4a6dbb256793d025a56a0fa93898b8e5d38351af35f17d8a5532c4cad7f6392fcf35166
SSDEEP

98304:VqjRuMb60fkT9y03ldHxJOjSOvBvdzEpfn2v/ZmaGHMd6:gj7WmkTf9OjSOJvdgUPGHQ6

Score

10^/10

skuld discovery persistence stealer

Malware Config

Extracted

Family

skuld

https://discord.com/api/webhooks/1287929501275127819/Vad7__mR0RgQZr-7HVuAVCato4JnEC1hMgX9aqegKbddRUzYphy8Zz2n_ZlFaWIXOvbv

Signatures

Skuld stealer
An info stealer written in Go lang.
stealer skuld

Executes dropped EXE 6 IoCs

Processes:

synz_newest_9-28-2024.exesynz_newest_9-28-2024 (1).exesynz_newest_9-28-2024 (1).exesynz_newest_9-28-2024 (2).exesynz_newest_9-28-2024 (2).exesynz_newest_9-28-2024 (2).exe

pid	process
448	synz_newest_9-28-2024.exe
2380	synz_newest_9-28-2024 (1).exe
6020	synz_newest_9-28-2024 (1).exe
2300	synz_newest_9-28-2024 (2).exe
2896	synz_newest_9-28-2024 (2).exe
3184	synz_newest_9-28-2024 (2).exe

Adds Run key to start application 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

synz_newest_9-28-2024.exesynz_newest_9-28-2024.exesynz_newest_9-28-2024 (1).exesynz_newest_9-28-2024 (1).exesynz_newest_9-28-2024 (2).exesynz_newest_9-28-2024 (2).exesynz_newest_9-28-2024 (2).exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024 (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024 (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024 (2).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024 (2).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	synz_newest_9-28-2024 (2).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

74 pastebin.com
75 pastebin.com
76 pastebin.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
74	pastebin.com
75	pastebin.com
76	pastebin.com

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DllHost.exeDllHost.exeDllHost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exeexplorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720913455788852"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 11 IoCs

Processes:

explorer.exeexplorer.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exe

pid	process
3372	chrome.exe
3372	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
5376	msedge.exe
5376	msedge.exe
5364	msedge.exe
5364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3372 chrome.exe
3372 chrome.exe
3372 chrome.exe
3372 chrome.exe
3372 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

synz_newest_9-28-2024.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1980	synz_newest_9-28-2024.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe
Token: SeCreatePagefilePrivilege	3372	chrome.exe
Token: SeShutdownPrivilege	3372	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

chrome.exe

pid	process
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

synz_newest_9-28-2024.exechrome.exe

description	pid	process	target process
PID 1980 wrote to memory of 3964	1980	synz_newest_9-28-2024.exe	attrib.exe
PID 1980 wrote to memory of 3964	1980	synz_newest_9-28-2024.exe	attrib.exe
PID 3372 wrote to memory of 4968	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4968	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4416	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4600	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 4600	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe
PID 3372 wrote to memory of 1980	3372	chrome.exe	chrome.exe

Views/modifies file attributes 1 TTPs 7 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exe

pid process

1784 attrib.exe
5520 attrib.exe
5228 attrib.exe
6024 attrib.exe
3964 attrib.exe
4844 attrib.exe
1308 attrib.exe

pid	process
1784	attrib.exe
5520	attrib.exe
5228	attrib.exe
6024	attrib.exe
3964	attrib.exe
4844	attrib.exe
1308	attrib.exe

C:\Users\Admin\AppData\Local\Temp\synz_newest_9-28-2024.exe
"C:\Users\Admin\AppData\Local\Temp\synz_newest_9-28-2024.exe"
1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\system32\attrib.exe
  attrib +h +s C:\Users\Admin\AppData\Local\Temp\synz_newest_9-28-2024.exe
  2⤵
  - Views/modifies file attributes
  PID:3964

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3816

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff81ab1cc40,0x7ff81ab1cc4c,0x7ff81ab1cc58
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5320,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3396,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4836,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3164,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5620,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5640,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5648,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5800,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3400,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:3556
- C:\Users\Admin\Downloads\synz_newest_9-28-2024.exe
  "C:\Users\Admin\Downloads\synz_newest_9-28-2024.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:448
- - C:\Windows\system32\attrib.exe
    attrib +h +s C:\Users\Admin\Downloads\synz_newest_9-28-2024.exe
    3⤵
    - Views/modifies file attributes
    PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5908,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6072,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3432,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6176,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6312,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6088,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1172,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Users\Admin\Downloads\synz_newest_9-28-2024 (1).exe
  "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (1).exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:6020
- - C:\Windows\system32\attrib.exe
    attrib +h +s "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (1).exe"
    3⤵
    - Views/modifies file attributes
    PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5856,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5912,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6428,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5404,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5808,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=860,i,10208163452015915202,1017355740484976982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:1344
- C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe
  "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2300
- - C:\Windows\system32\attrib.exe
    attrib +h +s "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe"
    3⤵
    - Views/modifies file attributes
    PID:5520
- C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe
  "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2896
- - C:\Windows\system32\attrib.exe
    attrib +h +s "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe"
    3⤵
    - Views/modifies file attributes
    PID:5228
- C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe
  "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3184
- - C:\Windows\system32\attrib.exe
    attrib +h +s "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (2).exe"
    3⤵
    - Views/modifies file attributes
    PID:6024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3608

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x478
1⤵
PID:4560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5060

C:\Users\Admin\Downloads\synz_newest_9-28-2024 (1).exe
"C:\Users\Admin\Downloads\synz_newest_9-28-2024 (1).exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2380
- C:\Windows\system32\attrib.exe
  attrib +h +s "C:\Users\Admin\Downloads\synz_newest_9-28-2024 (1).exe"
  2⤵
  - Views/modifies file attributes
  PID:1308

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3536

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault29e3b208h35ach4c0bh8bddh999878e1b402
1⤵
PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff82ab946f8,0x7ff82ab94708,0x7ff82ab94718
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,338795360671382017,13053990325824450113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,338795360671382017,13053990325824450113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,338795360671382017,13053990325824450113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:5448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault03646613h274bh4b4ahbf4ch68a6296b776e
1⤵
PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff82ab946f8,0x7ff82ab94708,0x7ff82ab94718
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3299895409692698540,13705943591699947006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3299895409692698540,13705943591699947006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3299895409692698540,13705943591699947006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a934c2ef7b14343efd74c32429250fc0

SHA1
4ea20e2fb8f02c288cae88106878082d31001dce

SHA256
ce5db0ae3961c92313a911da83c12580ca38ee21c39f6951d01c3c3cae442acc

SHA512
907b6ad91cb1303bb6d6df4b9a6e9a69b1fca7bba3b867d049b39d463077acb052c1dc559ce82b873a69771a6f5ea7f4e0c083414e67ab84817c736402b7d7bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
369KB

MD5
686792e9acfe2ad3cab666938191d219

SHA1
e243a6190f3443b27be87abb363a77f63c85ba68

SHA256
cb347e524f13fc736db4abb6ade3ce995fc1eb5197302d681c310dbc5e62e7be

SHA512
1600a755d2f833684e81c17d4ce18e9b3b86e272725e0832009674c1e2fb437bdd68bab675dba21a5f90417a50e11ea4a4497ff8807a31eb637712634f4f4cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
399KB

MD5
29b46ef2228d7d0ff5538a6042f88903

SHA1
85fcbb20e56c8c2ebcaf9d5ee3a442e449194601

SHA256
ed4d09c067524631ba4f93c8318fada5e09c4c099d49a88781733821edfe8e48

SHA512
2b20d919b16ba74a8415a64be12fbfeb79a8da66967b853c26ef9e6ca0fa103544273366d86e0587e9687796cd49352139bb29ea673f1d8afe973876d232b387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
497KB

MD5
6a13884b18cabbf78b0dc2fdb195e9f5

SHA1
abca68e077dc582a30f50a9edd7a42d01bce2bb6

SHA256
d4751f46fd7156b0eed6b9e753db3df136f621e7ab2fd8dceade57242c814d33

SHA512
15b2509942a88b87f8728b76a6724424e013029849399ddc04dd19278c0064b0d961e7a33d106b2ac0423b893a37d393663d0e756b6ef11dfe26ae12a9d51f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
509KB

MD5
d02112af1188dbfa2d0f5386c94a5668

SHA1
4b456cad5fe9a7e6893ce49bcecc6cb2622b72b4

SHA256
d8014b108685fca3cf5e75c17dbd0aad08b2132b95b391c21aa027fbb1ad9bcf

SHA512
3dbe8f496bf946fe6be6c4f4dea684b5803c775edba4d79de7a51f48bcb2c09244a66b11f9679e3706bb84b694041f8cbb33a67c0a602ffbd3f66496bad55aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
473KB

MD5
b7b0a5c8a253b87559ed9295e45960b8

SHA1
7c4e02218ed280438be6f339765a8d74d37669c4

SHA256
6450a54915a1302d551267a155725ccca1f1e5f1072cf3313071cdcc366b5d55

SHA512
84a401572b2c9fa78b99e8aebfb55331b99ff38919a0a88342f799f57c073722b249e8015d5c7c4fe7634a1d9e19fce85fdad4cea94c49c2c35f9c2b3597724e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
468KB

MD5
a88d67dc035d92726a4fcb89851eb201

SHA1
37c54b8bf7c3f33fdd4b212750975d239da2961f

SHA256
9a11cc1d4e89a314d3ec0e885056aa572b0d5d5b787d0c8b8e0a9fe1a90cee94

SHA512
8db67c2e3b586c0f320da4e505d9954ec67e88f9b7782f72e10c16d35cf6a6bde4750ef4cd800fc5fac186da604f5ea339a2566040e023c6ee6e199e9fcf18ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
508KB

MD5
918a7a667f3de7742ce174218fbe0d4f

SHA1
76781addf6d022f037e9d9abd9267b6e221f9a48

SHA256
bd184c4fd9ca1145bcd2e2aa978b37c949c410e3cb05052a4d9dd6bf727b7677

SHA512
4d0236fe05252dbf36cdf8d9ff0268d6a602d3e44bc1f91b1e5e4e204afdc7a7890050a65e2609d51387463b725362a7965e7ca84875be2dec3727cb3dfbeb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
469KB

MD5
184008aa58532dc330bbb67885cba62d

SHA1
7abb1b81031fb7b6727778860ab073905bcabdee

SHA256
07d7f1cae5f34137fc1b4cca77ca88bebb96f2ee241b4d8de4a1cb1c347628bd

SHA512
c58523981f0b67ec0e3838b2b68de7fcd02c42a2e50f6c90c3fd48a3aad955fad78dfa0d844564ce8c3164c43220008c03fb32ba9e09a60306ab351dec1f67ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
746KB

MD5
1c5425f8267f7fb68bdb3f97cb4b0bab

SHA1
dfae94dbf270d588fe10f2db9434b597a327b7ce

SHA256
34a32689ba46359ea541ae21bc3a85846cfe6afaba2911338aa04666eba23cc3

SHA512
37877b9ad4b257444c803afa1bc6e219d00de0e43131508b6a3561af1e2402ec36e883723dbb5dc8dd26b1f55c7dd77821a6ba2767224d4bbcdc3710dc4d034d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
302KB

MD5
d0179bd249c07b0cf46de38d32deddb2

SHA1
dc5f7e83360b6386be92c0bc5eda129fac899f8f

SHA256
ef8755958dc3ed928da3382a69c36cf6ec2bfb1a98f1d9e71165ab81fe735e6a

SHA512
c411e395acdd612519623638377840a7908c6cd5895c8c77446266f6e7114f2275d3da1f16197cd16dd98fd8ac58b06361ab3d50cd17e433cc38dc56864defbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
436KB

MD5
ec9ec4e41ec1f61018b01db2bfecdfb3

SHA1
bdace8c99d08984c07a7b346a2546d49ca61522e

SHA256
396c8c50c49feb2408530d530924d38f324853b7007892d82725ec0496993952

SHA512
a4fc06909db20077b3759686e7e59b4b574ac674ba3adf041c138af3e2b28747872cd2928ee3dae9d7daca184d24819925c4985e2329317ed55f689186edc86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
500KB

MD5
8da71420c5c9639e04dbb79e7dcfea1a

SHA1
aef32b04b7fadc30f54e94f388a39701af1b6ac2

SHA256
04ab5afde4357c1aaa61284f7349461ff843276ab4d9159e2c622758fc783fcb

SHA512
444d5e5e33cb69f521889e4c0a3bfc291c9e3a5b3e349d49ecfdaed9db7118ce5b5c245eb145c016753a899b0b397debd12e52509b1a8a5c862fc3dbdfe08199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
244KB

MD5
94a3beb81077bca2dfc0153344519b82

SHA1
bd15e15b074282ed243ced0094f760c3efe080bc

SHA256
6e1f04b4b799ebb30061dacc73808d643a09f162b61a3721ef0e66ebc511ccae

SHA512
ef2aaa48013289a4d8bb2298d25ff7afdcf98e729d893e7dabfde9db1abee68d1de66fb2f28541e10e0de8520f8719062a4e063817501f870b574c078f5eaeff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
489KB

MD5
b7dcbff2ba9e18098af3898797566f4f

SHA1
c44a8961721a9743d974c1168377f649f249eec6

SHA256
5e906d738618166f0b8c675399da6209f4aa8e39ffeb5e6028fe632bcf14a2f1

SHA512
6b8723c1a145500e14661ed53c69313b704f385dff8471bc8dce42fa394ba234faa579cd32c0a9668de597a7a342db0d8a4519bd6b042710c82d291a1951f428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
447KB

MD5
8df2491a215e2eaa36e55b7535952cc7

SHA1
85eeaf7e75059c2cfd863ba206d6b575135a1f2d

SHA256
1a6ebde0f8d3d0ddcd076220831bd3f0d9c6de1f34958f44e999015951538033

SHA512
54380cecff2abc1e6dfae8caa9366d22f6ac786eed0c62e86bcc768c5bf853f9126701d687768ae3048026e4d70f4c1863ca2a306d1767e2b652adc3ce93f78a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
713KB

MD5
e48f87aa9f7cffacbad5d137e4bbaaa8

SHA1
0bb6371e2b1453265985429a4acd06afccb34c2b

SHA256
2515d0b734ab553e6d9cd7f1d79bf61e7737c72b68be0eed3b02d9b642c3e446

SHA512
1199255883e727a541f43d53831aad55d8b64924b4eb97d000253a3d8b65c676bacacd7fbd8a5732192a12fa4522fb524b1f01221689ecc2da0d0b5db02ebf80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
497KB

MD5
cc2534808232cd5a772ffec696f0cc13

SHA1
0fca9c0de23e5074d4ddf0dd7af56b1d6a391981

SHA256
037696fc9e8941f7532c5cad88adcc7fd804c8a7a1cbf9a3d94797ac626d48e1

SHA512
6db304f09678fb442d898f6a6d2e2899836d150e3017478117a8302526bf96ee252dac146cd75a75c1fe2653a344db182959c1707cab9951534984291aec4905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
502KB

MD5
b3cb9466e15223f233706e220315a14c

SHA1
e6cdb7addeb7c4558c69f1fdea503621848706f0

SHA256
889311c61b90cc168f059e2ff59cc3714f6fee9a7f9a9102393a8410b8233823

SHA512
c1ecfc07f1491d132bb2a3a4015d0b19119d183075514c0658e5949fd75fe358180a534c1090a5bd7328829054f0c662cccad9c2ca8e5438da9cb85f2300abb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
476KB

MD5
16ed5fd6bd752be3e998b05634f43f65

SHA1
8bdec694541a3173ecf0e04b83acd7032c4a0548

SHA256
d7aff862c4a47cf466bcbc26f3522cf12987af1f7d8f0b9a4b13a4ea844ec929

SHA512
b1dfe5dce6392aa79f6806881a368166894d6cb9c74b3270997d16e227c95810c9165a3aa4cff80a40ac87ac34ca3734accb019fc9b91edd75a62c75acf19766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
298KB

MD5
4ce2554777da624ca17994b30effb07b

SHA1
78779b74fb9ba35e597e38a88de6ba0393b18d69

SHA256
073241f3f2a439951e522d5229eac2f7bc01a82d75c2ad8b3c1de45e18e2a2ae

SHA512
2270d33c223e669a7189bb4a336b6ed8286c2ce2d5bdffd489789a0ab18a0d8691b48a65628f36950398fbd57fcf74fd7fbd0fa502719dcfee1537090463e303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
392KB

MD5
f9dddb283d79895f23eeddc2bcd119ab

SHA1
3939550dc42cbb0c59a89021b8a51922fa99e6d7

SHA256
8d2e047646dcc144d1ee5891d87fdbac9744bc940f0cc4e6dbf7ac2060ebfc50

SHA512
1db7f100f760943d80905064f9f41a9d80a1efece7ee7809bb9eebe623d03b02d3cf59dba2bd9a3b5fe61d3c1041fe56900c849b6ff2fba3c3d84fd5477f4e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
452KB

MD5
81e17fd1825ca42e110f251d4487d670

SHA1
5abe5eb2d1bb7b3b6e6e78523046d212f1cee4d6

SHA256
e87b6936b3e0df4cc2e63d7904e9d9491c5f434ed4ad2ded3479aead0ce667c9

SHA512
ea9393877a147617cf801cf382b02686c3990bb59ec014d897d34fdabe6f04522e32b936d103435727c69b7f221a98bdd1e34afc06ff119fa0b0a50d2ff225cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
40KB

MD5
71d77607b323bc20be32a02fce4cadfd

SHA1
2a18236090f47a4e1f0ebd2b9f1e4b0bc0053573

SHA256
58c04ac027b15931acfb17be4a134e35c8bdd3b99109e617895713a42f32d84a

SHA512
01e141b3c6ca46a83626f19e35a8e8ed613e2dc90fb42977752632c9818ea93f9b8f06e1a47417fe5cb8ed8a3bba3fbf62bf28da3f15c6200a6b8ccec72c4005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
432KB

MD5
057852173e958810f1de0e8adbc9d462

SHA1
bd05e51244966615a9dc2b0119f7e8cfa64f22b5

SHA256
9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7

SHA512
230ec42dfcea740b4fb37e3c7559da2289b7bf2025c465bf055db75659c7f9f05ede374792b046ffb3365f8fa5dc34e23f1312984c195c32a6d42147959efc86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
37KB

MD5
04c8b39a7211e91c390f3e7c18730ec6

SHA1
b8d9ee0b2b7c96a0aab18b05ee2d38eda1823c3c

SHA256
7066fb3a9439ac4b7ab62485a20eef0196e9d0ec2a4038302f3eeda11453f2c5

SHA512
b7f63a2e238d6d6a0e25cd8a290fb95b3b06fc874369675e22230de63aec729d279133488f076cebfaa8c31131714402b580447a19c8eb3aae4fa47b84dd7843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
fa9eb20b622a1219237c8788005f94b5

SHA1
e6e01b7ed2e673ebb36423b60dc89c9cbcadb9d3

SHA256
7f7edece0c3472d0dc0b069e085262fa313b68b36fdda46107eeacdd7206cb4c

SHA512
7095a31875e2e99565cec5fe2ddc7967c4d76a543568191c980582ba82752f073f3daa956a3123fe709f1dd7cfa9778d7cf5ead77c769ecf3f67838432b7b3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1587f991f2a4c5c56bc1732636d90c6e

SHA1
ca628eb8fe6b9f79e2493ce2459f0cc7304f449f

SHA256
b53b385c9e89fa07e2f780166ea43050d5d381b32e3c60b5c86940609821c0d5

SHA512
b29421f91aebbe5768b4ff8c0cd49e05bbf373abf0b5401b580c9fba4ba6432d4ebfa82b06affb21ff627b6d954ff9334deec85e65e779053191659d5d136b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
27c73410e8f650acede1bf69888ddc0b

SHA1
6f62cf367443bfdcca3fde69ddf61eba63921f23

SHA256
e2336590060672bc6f0834d67cec98c4134b786d3bb378ede6ce39320410dce8

SHA512
18f55fd6ed0c5521ee019c2fe51b5d2db0afb9e075f697f8129572ad4033043bb936836146d6709792433c368df8d89d6d3530938ccbb0abd6accc7d65dbbbd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
376B

MD5
4406101c0444955d4c46117eb3718b99

SHA1
0a2b1dba11c1b45eac471de3fd980cfc3c24506b

SHA256
f2e9ea8b86eb1ea74f2268a80773f566059d7d8f346bf3419dcfe793c17f18aa

SHA512
37d7608c7231d2c327c55d5db6fe7049cb983d0af96f54b0d9f20570a883966257d676aedc2d975cd48d4d5d59959407a0de3340d3e455cb409f9dce1e5f8a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5a442e.TMP

Filesize
333B

MD5
a1784fd131a74c1ce7fad6f8f7e7c691

SHA1
9761cde848b7f8528d864aacfc13039a77e469c1

SHA256
85d5fc8c598f7492d4b283193d612aa6e9fbf0e7dd71ef814acddcf1d33a3acf

SHA512
48548f186da5f995293e172210c65fd70b85ef046a9e21ef8383dd5079057dee746a8052bc333ad9ce8933cfb699daf3a58a6e62a7a8afb94ed4655ee5250a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aad9e67b64a34b1aefdef95e6f9d5d42

SHA1
23f6ddde15c6378a6dde168f64bb16aabd84cdcb

SHA256
daf3ce9835ee8a8004c54eb08e0043ed3d76ba78a7c231110659e3752bd6344c

SHA512
9c88b302806689e5e215f71a8cffa50eb118d6adb50231ae3e455233699ae8fc49dd984c7082c8efe526f0f261a2cba4d574882b85a27a3abdbdae61186e4f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e11f96276b9b4a5a13ded084f2deb2e9

SHA1
3d0abca576d3136cfeee827558aa9ee9bd908a6c

SHA256
22e27d6feaa0e14e6b8c913ee0715224c9df3301d6e90b3ab23d551d249313ca

SHA512
82890e4ff772c4fde4fdcc3cc436b42df89662d39ee9108046130f754a58a95aac33b6b692d90b6f517477b6665c8edfcd281bff7ecca211a3679e2506844335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
60cb82c407d85704b5fd4bf8ccbac37d

SHA1
4fc278d5ee1b9747a2cf5ffb626cb6c134ac94bb

SHA256
28b36412dded9323b451da582160833d9f9a586846482078ae54ef4f136dd569

SHA512
5adaf5385c86962854b43c7358caa32490ba614597ebfee7894c069ed7eb7c2f0973a316eb00ff928528b277eac0a0b4285a2ddd0126e0324bd0a85e89627670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4f5cecf5bd662f2d530c3be5a9ef9ff7

SHA1
7d1dd83dfe481986f8e8d7dbcc04e2117dc3e22e

SHA256
e27d98880d0459be97a3cea9d372ca85feaddc51acdce78af326eb68a9b617bf

SHA512
90bae667ddb2642a0e6d271b128018238c7dfa8a1ac8f02f8577cb238955e09d576b343b7c33f07dd89d551a9f7a904deefb7e481d7bbc89e9b9d297f47ed7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
adf13ed42d2c8b232b3f9fe362e3b634

SHA1
21cd1106d987cf08a24dd7cd6c77db9d2427f402

SHA256
959b8d24e56050603913b6bc3f07c0f0e8b794fdb1cdf4e677811c15f88a3a5d

SHA512
8a6a0917b9798a4e0fb28aa34e664b77235829a291e0521e41c144438b80e8aa692000a31395aa7acbfc7eb07a6a6242d8f0c50b5e3a81f3c351a20d4af4ee40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fe3130afc63b57c4b8457adb4a728194

SHA1
19045a667008447cc1c63cbb2626f97115fdfc5e

SHA256
048842cc3916be65888973e75ed98b7a1c4138d946059e53c5fae0b1418bdf81

SHA512
8e2fae405abe0ef9410f543d522cc0bc0acbeda5bac11e7f92488fc851430f566522d811e952d8844624da5631f21842a4f128500666da89c8849b7789700bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
604ac83b5b51257cc2f93fb415d1253e

SHA1
013f879290de1cc82a350e423038a0930aca3f9d

SHA256
77b99fced4177b4f3436bfe350eb1eb801ee47e734f3c8083e9c10e1b8b8aac2

SHA512
183cbe3942c4fbba46fecc39180058656e37de8c6c53f297a840e42a27c1a1c884f06fc87d062c2221c00bc041a00f4df70b17ec4142be8c4a080c477c6fd172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba8669177805a0f31d15da7fcfb8c3fa

SHA1
6846b7b59b79172efe39f252181216381665aa88

SHA256
c035918e74e4b699018647afc4be58ea94e795b31b8b2af4d121d703e3cb9bd3

SHA512
fc9f079187547cddfc66c0215b2725d038ef158700bb49d8815f177030af05f4dcb7a8cda03826879e9bea2ea6a30010a077718cedc7b61f893f8d4bd6e6afb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6ff3da361bd3f5ab6d31c5bfadb00e4

SHA1
23dd2b0103f65e70789e9c9421ee0daf102c39d2

SHA256
1a01512f8c0952923aa0be0f1f7c95e441c0410336444a64ba2f7b1ffe7bb3c3

SHA512
f23fffd7ae083dc0a82396abcd5b0d24bd41d981edce75c548c51ce8debcbc884eb0e1a8f7980522879a4f8e0ab2c9590ec093db894a70ce182c2c31cb78d2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96952499915a0350727ee57a952ba6ce

SHA1
1d8b06859d4918022d0a49a9393bff778841d375

SHA256
021d8dadc834fb6daccc3c0020e22928523709eb036e07f668009a7efc864a38

SHA512
b2a466886fab5acaef2cc05a07f865ea920566c137b4d5388ec4aa78f4155ba2ab933f18a7a57044aa236d74bf65d99b897b0e92f926da88fb4e6b7358daa329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
875b826d3ec35fa636cb626fc7bfc3fa

SHA1
ca67a57487a19140d6b08924c7c99b76cef640eb

SHA256
bb498a0565d6803255a301752cb90bb420e99d099bb3a51ec8800c579842cd6c

SHA512
4f1d9e46537f817aa1eb118fe2d2f9aa4272954f256c5e74ed22fd42756060f122a3965bcbfc70eb15549fb42779a7482da535ebd1e3d451416a59b08630cf65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2810621d12163b16aed91fdbf17d111

SHA1
f03b51a86e857c8b66d1e72708acd142fc35deac

SHA256
9c195616367f9aeb8174c0b74002509afb85bd52926ad056f4da01cf551b75a8

SHA512
008faa334583ee63e498d85d0d5c7c9afbbf754e3ca1f6246e5f9b6834ee814a8f1ce537862d5c7769cd05a0a30a5ad3a2ed2f6e8292423104b57b14ef66adc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00cc6bc9fc22c5713880179d29da1694

SHA1
b1fd2caa0b37bf8b6213192023306903028baaa3

SHA256
e3a25ee63f67072a9773767e34d9e805cfb4687e8926e43078bdaae9751cf947

SHA512
d6f0d6b171e2b07bc84cfea572432df0d8523ed44c96abc92513dc1d77ed199b5adbf9b8f5b949f6ea36292dd45af4e4f159d16d8fc1ab8c3487124e3b01e7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12c01de4ab311d80ed588a5da17dab99

SHA1
2a3eefcf67d9be72c971aa0b208f0e1eb8e4de01

SHA256
c037a95c628eeb9b6cf7613d121f3bcf677686ab6a8f1e51106b44ae4b1ed804

SHA512
1d3acea70b8424594adf3e4e3b8e179ac3decd81a57ac3dd067ddfe352e2b4264659eae644cdf474731b7ab3847a0ad1542e42dcf03f356ac73fdae03b66812c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6acd8df03c920f52336112ae73780788

SHA1
6b2c099bb41621464097af334d97b430fa2bb7e3

SHA256
cd6b19f2c73228c9912ccf7b4f83ca72d1e66a1f4c4f457166d309c119429bc1

SHA512
b854ff417b4a8148c4e8384cd9788e0e5871bbdca2640a5c7bb2c1261037cfc127fd6cbfe55c51c33da4fda5e3dbb98b45309532c58a5dc12ca6bedd118c17e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc195468dae15c2902cf40a5e1e094b7

SHA1
97123245f96334eee77ac3f723ff04c3c2902392

SHA256
98945998d13b051b8d26c8b9304077a80593f4a461841090b4134889dd37f487

SHA512
a1ac8dfeba16ef47d4ea74ac436052d82b1b591f99fdb49ea664a09638709b11bcd35d8ce94502d38d567e2e15ae0379d4d0f944ccab04fa9e80614293390f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
556064d2e50b21ad87031d68d16345a4

SHA1
58c2f9974f222755445438c6f5081d5de508a41c

SHA256
1d55094bafb1ba51afa18427719c0af57d4be3a60eb054e4bb0ee4a8d1b122fc

SHA512
85b8d4f371c8bf111359ce82130c21048f936108d66089d0b45a9aa180964d1554f0abf3eaf5415450e93c0b66b1ad46d2c5e3c9724cc582e1b12bd319d48ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8fc5957b5047ff208ceb0f825d4a40bb

SHA1
70fbfa1f895cad7ea12d7a69b417c132efc2d3a1

SHA256
c680670e34e129dede0968ac72843fc280d724e9aba104087c09df79bef1184a

SHA512
945104abb27bdcf5b567e06b34014d1e1660513b2b214cd2fe9ecc00caaad7466e0aafead5a176b72c79790da37639b0688d76f8ffcb56a978cc537d3868cb04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c28499aff3b9511698355eaa45c9db02

SHA1
ac78c4f45e37e3429d4605f890eb6260fd8f6b87

SHA256
8307f0486a75c5b7fdac9c5f6ce91dbb64d0efce55f1c9f4ee397020edda87ce

SHA512
30fbded600fd05ad0fc70c528fb35c9be288723cf859aec5ba71acac8eb9bbaf660e99ac72852c3a7f356e779382244a7e5a0aa64680cd1f0c5dc34d0e6e9751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e91685c8ea1c51d1940e58d269fe886

SHA1
148aaa147cd5db38db79b65598cde8892cd4f139

SHA256
d18fd453cd75eb7ff26a282e233cf78922dd0f2e6bb97e4eaed40f7adc4cc137

SHA512
8e5a4218ff6bbe27cc8c30d940fb9d5af752841095867988504564501abc69c9813a787d842d512f0fffcb83580c762878b31a63d8fccf8defe25ded305c78ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4f3c70f3024e6b3d5c46d671fa8b9b82

SHA1
be241a677cc63c5a5384e80f48cd9b8b1e745f4b

SHA256
3711dc78e729c2334fc4193c2d208a5e0ad69d4e38dc870f5a1091317581423d

SHA512
cdb7d367fc9055e2e156277470a670a4fe4e188c4c3da5a04879408e64b051fa96635ed130c3da872defafd1db2c03272018af95adc29bae24c4679c7ce3cd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
763c903dcb35b79223dce698fadc66fd

SHA1
54bda8440f8790422c9dbaf24beb7b983adb44fe

SHA256
5ef9be3d49b3e79cc007c2769ec3e355edc502a4afd23cdae29bdc81337ace61

SHA512
c7a922ac357472c7e97b358a614090ce1139faee8f84605f89c834d2794c29d0c665540ad2705c5bc4b5e5c6079fe018961cc13c7eb179f86af3d2ba9b826d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
20f50894e465ee86ebb4493e2933ec8b

SHA1
4fac0a90117476da9716c38dcb0892953ea92c2b

SHA256
8b5d26210c5094ca5c1cd3932abddb10afe43c9191b8687a108222b364bdcbe5

SHA512
2c46f578ec04d2009722e784269819f664ab2df1e9b82b2caf87dea132c433f78df13c657b347f6e0b3e25e38c2083a6fda21e61abf57036543d19b252f527cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
f45b87276655ca8084dc78dfb30e099f

SHA1
34c37245482cc06599071e0547127b1d2ff6441b

SHA256
84ac615e0ebd66ea8ee1ab852e4aa315fe2011b61878ee4e196ab0b05e7bfcaf

SHA512
c1954d288074d5783156c7b2c7743d60e9d6f6bcc80d9f37e2cfde2571c91821edb2f4756164e06c06ce376b0f1906bd892e13da3e5c4937e7f64f2cdc7c63d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8090d82a572ca9f1ead66528754e44b

SHA1
ae30a846aae55d4e98404ce5fadb3c8f5dbf3499

SHA256
84f5a185e49362839e90573381f661b1ddd559e659b99acba9f2c4d3449131bf

SHA512
21d33dbef9a5e6339b7b59e92b729d7edd9747b721180b5d9cf1819311e004eb14c0647f1e1b73838ffb0e01e12887108c3e2d825b16358d7b6bbdb60ce5c37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
9e22b63969923ac801cfd4c9cbd3ea78

SHA1
7979367587bd67f3ca2e4a75bb63e8d8c93210f7

SHA256
0d86b8fd626172ef9a69eb008691113f8d7c16459e6491de0ae18a3f9f65b924

SHA512
d5e68ce569d5300827e372144841f51c4f1537f971a75d2ad687bb7961be5090fb1f544e0edeb7d673d03b939e43630ca9c01bcde10e9c2273f3014907278672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
73efcc8c59da08959e774b80083dad7f

SHA1
1f3c32a7e4db79aaf637cd3f21b2f23c520b59ea

SHA256
3260bdb6a155e056198da8622f4ee018f8cabfdd58b04a1a9e408a5480601ddb

SHA512
ef6d4bdc5c732a442b53f87b0ccd69d80d06d06fa79c28f3816cc1240470f3821e1a963b61b01183e327ce2baa6e3d89e3729b5cff0f53f575a17dbfbaac5475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eae419a9-1f75-49fd-8c51-af1cc61c994b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5968d5c51a1ffa921aceabef48dd0df5

SHA1
c239d946346a91c316aa6c006a6ce8a83d0a7bcb

SHA256
9c79cd89e4e7010e13fc81d98a7a3b5305017b4983e1f05b07f158474cd684b0

SHA512
c4d8da93ad9fe49c4c669a86ffc03cd2369baecb68e2c7c6c3e13aae88619a6b4b5c882e5cf0dd1232e40c047a1d596d918815de5e4716444311e1519799eb4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

Filesize
8.2MB

MD5
e21d43d3cee92d0c33296ea9d59e2d1b

SHA1
23697ce315ff72044849de939586a6679c7c0932

SHA256
aaf904fd4dc0b76a42cef1db50ceca7e18a0d80f35fdee373416ae3061d203a8

SHA512
f381a2358ae66745fdf595d39931422da9809fa5e6209aa3fe12e15a1e7b9ff1512104a38f8677ffba4cfa772f7227f316d28e0de855bc08fde57a6716426352

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

Filesize
1.9MB

MD5
52a4956c7b05e10d35d3edf861f7e20e

SHA1
1996f0c594fa2bf99d79a9d0eb89047de8d109a7

SHA256
86fa605a2011f85d0cbd86c419e324913ff805231ab16777f8a9016fc88d02fd

SHA512
4665c1e10a7105c721ce0d726a11a95a3e04cb8c7401470173946b3bdf586b6cabd8276995d96cfef380a71e1b5ca4081deac60bbf1ddded365963bb49a40d0c

Download Submit
C:\Users\Admin\Downloads\synz_newest_9-28-2024.exe

Filesize
9.9MB

MD5
021614fb40506a29c35d4beb8e9a257c

SHA1
184f16ab0e17eb3b9504eb57f8aa4f3aadf86ce1

SHA256
47736ab0086f8fff2e922aa17512a0659832c308b723efbceee35f93d31091c1

SHA512
d6aab770ebc21c283e5188745df15a1247b83ad4f1695ba659ff7d03d4a6dbb256793d025a56a0fa93898b8e5d38351af35f17d8a5532c4cad7f6392fcf35166

Download Submit
\??\pipe\crashpad_3372_EQMQJPPQUZLYPRSV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit