e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8

Analysis

max time kernel
155s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 14:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8.msi
Size

5.9MB
MD5

c5c0829df294cc4fd701df5d5c55718f
SHA1

fd581050fe011ff6e71463c9dcc68de14571ef04
SHA256

e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8
SHA512

0d40fd22298a5f5537402392ccc707a3fa5421e3501a4867efc8d39c9d343f22f9c0476e427a53b28e02d43e8533c587e590a8716c75a6a5b21c0e65d4505d1b
SSDEEP

98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEqT:w9mzytc/CKDllTllCeue6STzKT

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SyncroOvermind\ImagePath = "\"C:\\ProgramData\\Syncro\\bin\\Syncro.Overmind.Service.exe\" -displayname \"SyncroRecovery\" -servicename \"SyncroOvermind\""	Syncro.Overmind.Service.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	4784	msiexec.exe
4	4784	msiexec.exe
7	4784	msiexec.exe
10	4784	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Syncro.Overmind.Service.exe.log	Syncro.Overmind.Service.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\ko\Microsoft.Data.OData.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.App.dll.config	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\MetroFramework.Fonts.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Mono.Cecil.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\ru\Microsoft.Data.OData.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Splat.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Squirrel.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Flurl.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\ko\Microsoft.Data.OData.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\System.Security.Cryptography.Encoding.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Uninstaller.Tools.exe.config	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\System.Runtime.CompilerServices.Unsafe.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\RepairTech.Common.Wpf.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\SevenZipSharp.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Interop.NetFwTypeLib.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Interop.WUApiLib.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\nl-NL\Syncro.App.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\ru\Microsoft.Data.Edm.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\de-DE\Syncro.App.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\ICSharpCode.SharpZipLib.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Images\chat-bubbles-icon.png	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\zh-Hant\Microsoft.Data.Services.Client.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\websocket-sharp.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\ko\Microsoft.Data.Edm.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\System.Spatial.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\ja\System.Spatial.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\RestSharp.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\ar-SA\Syncro.App.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\es\Microsoft.Data.OData.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\UrlCombineLib.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\UrlCombineLib.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\System.Security.Cryptography.Encoding.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\install.bat	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Images\chat-bubbles-icon.png	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\it\System.Spatial.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\ko\Microsoft.Data.Edm.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Phoenix.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\ru\Microsoft.Data.OData.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.App.dll.config	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\7za-x86.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\es\Microsoft.Data.Edm.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Configuration.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Runner.exe	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\sl-SI\Syncro.App.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\fr-FR\Syncro.App.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\NuGet.Squirrel.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Flurl.Http.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Images\kabuto-logo.ico	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.Sinks.Console.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Telerik.Windows.Controls.Navigation.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\en\Syncro.App.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Microsoft.Win32.TaskScheduler.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\es-ES\Syncro.App.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\Images\custom-logo.png	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\DeltaCompressionDotNet.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\de\Microsoft.Data.Services.Client.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\zh-Hans\System.Spatial.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\zh-Hant\System.Spatial.resources.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\es\Microsoft.Data.Services.Client.resources.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Services.dll	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.App.Runner.exe	Syncro.Installer.exe
File created	C:\Program Files\RepairTech\Syncro\app-1.0.181\Itenso.TimePeriod.dll	Syncro.Installer.exe
File opened for modification	C:\Program Files\RepairTech\Syncro\app-1.0.181\it\Microsoft.Data.Edm.resources.dll	Syncro.Installer.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B7F56D3D-2AD3-4021-9D36-3B9E9C9FBE33}	msiexec.exe
File created	C:\Windows\Installer\e5899fb.msi	msiexec.exe
File created	C:\Windows\Installer\e5899f9.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5899f9.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA4C7.tmp	msiexec.exe
File created	C:\Windows\Installer\{B7F56D3D-2AD3-4021-9D36-3B9E9C9FBE33}\DefaultIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{B7F56D3D-2AD3-4021-9D36-3B9E9C9FBE33}\DefaultIcon	msiexec.exe

Executes dropped EXE 6 IoCs

pid	Process
1164	Installer.exe
1264	Syncro.Installer.exe
244	Syncro.Service.Runner.exe
3604	Syncro.App.Runner.exe
3180	Syncro.Overmind.Service.exe
3876	Syncro.Overmind.Service.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1612	sc.exe
744	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000ed06fb648d6ef2080000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000ed06fb640000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900ed06fb64000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1ded06fb64000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000ed06fb6400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies data under HKEY_USERS 23 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Syncro.Installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	InstallUtil.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	InstallUtil.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Syncro.Service.Runner.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Syncro.Service.Runner.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%systemroot%\system32\FirewallControlPanel.dll,-12122 = "Windows Defender Firewall"	Syncro.Service.Runner.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Installer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Syncro.Service.Runner.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Syncro.Service.Runner.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Syncro.Service.Runner.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Syncro.Overmind.Service.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Installer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	InstallUtil.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	InstallUtil.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Syncro.Service.Runner.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Installer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Installer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Installer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	InstallUtil.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E	Syncro.Service.Runner.exe

Modifies registry class 23 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7500CEBB70B554E4C93BAE54CF782BB3\D3D65F7B3DA21204D963B3E9C9F9EB33	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\ProductName = "Syncro"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\PackageCode = "778729A429A44874D8D4D102C27F49E9"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\ProductIcon = "C:\\Windows\\Installer\\{B7F56D3D-2AD3-4021-9D36-3B9E9C9FBE33}\\DefaultIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7500CEBB70B554E4C93BAE54CF782BB3	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D3D65F7B3DA21204D963B3E9C9F9EB33\ProductFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D3D65F7B3DA21204D963B3E9C9F9EB33	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList\PackageName = "e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D3D65F7B3DA21204D963B3E9C9F9EB33	msiexec.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
3368	msiexec.exe
3368	msiexec.exe
1264	Syncro.Installer.exe
1264	Syncro.Installer.exe
1264	Syncro.Installer.exe
244	Syncro.Service.Runner.exe
244	Syncro.Service.Runner.exe
244	Syncro.Service.Runner.exe
3604	Syncro.App.Runner.exe
3604	Syncro.App.Runner.exe
3604	Syncro.App.Runner.exe
244	Syncro.Service.Runner.exe
244	Syncro.Service.Runner.exe
3876	Syncro.Overmind.Service.exe
3876	Syncro.Overmind.Service.exe
3876	Syncro.Overmind.Service.exe
3876	Syncro.Overmind.Service.exe
3876	Syncro.Overmind.Service.exe
3876	Syncro.Overmind.Service.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4784	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4784	msiexec.exe
Token: SeSecurityPrivilege	3368	msiexec.exe
Token: SeCreateTokenPrivilege	4784	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4784	msiexec.exe
Token: SeLockMemoryPrivilege	4784	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4784	msiexec.exe
Token: SeMachineAccountPrivilege	4784	msiexec.exe
Token: SeTcbPrivilege	4784	msiexec.exe
Token: SeSecurityPrivilege	4784	msiexec.exe
Token: SeTakeOwnershipPrivilege	4784	msiexec.exe
Token: SeLoadDriverPrivilege	4784	msiexec.exe
Token: SeSystemProfilePrivilege	4784	msiexec.exe
Token: SeSystemtimePrivilege	4784	msiexec.exe
Token: SeProfSingleProcessPrivilege	4784	msiexec.exe
Token: SeIncBasePriorityPrivilege	4784	msiexec.exe
Token: SeCreatePagefilePrivilege	4784	msiexec.exe
Token: SeCreatePermanentPrivilege	4784	msiexec.exe
Token: SeBackupPrivilege	4784	msiexec.exe
Token: SeRestorePrivilege	4784	msiexec.exe
Token: SeShutdownPrivilege	4784	msiexec.exe
Token: SeDebugPrivilege	4784	msiexec.exe
Token: SeAuditPrivilege	4784	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4784	msiexec.exe
Token: SeChangeNotifyPrivilege	4784	msiexec.exe
Token: SeRemoteShutdownPrivilege	4784	msiexec.exe
Token: SeUndockPrivilege	4784	msiexec.exe
Token: SeSyncAgentPrivilege	4784	msiexec.exe
Token: SeEnableDelegationPrivilege	4784	msiexec.exe
Token: SeManageVolumePrivilege	4784	msiexec.exe
Token: SeImpersonatePrivilege	4784	msiexec.exe
Token: SeCreateGlobalPrivilege	4784	msiexec.exe
Token: SeBackupPrivilege	2336	vssvc.exe
Token: SeRestorePrivilege	2336	vssvc.exe
Token: SeAuditPrivilege	2336	vssvc.exe
Token: SeBackupPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeDebugPrivilege	1264	Syncro.Installer.exe
Token: SeBackupPrivilege	5112	srtasks.exe
Token: SeRestorePrivilege	5112	srtasks.exe
Token: SeSecurityPrivilege	5112	srtasks.exe
Token: SeTakeOwnershipPrivilege	5112	srtasks.exe
Token: SeBackupPrivilege	5112	srtasks.exe
Token: SeRestorePrivilege	5112	srtasks.exe
Token: SeSecurityPrivilege	5112	srtasks.exe
Token: SeTakeOwnershipPrivilege	5112	srtasks.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe
Token: SeRestorePrivilege	3368	msiexec.exe
Token: SeTakeOwnershipPrivilege	3368	msiexec.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4784	msiexec.exe
4784	msiexec.exe
3604	Syncro.App.Runner.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 5112	3368	msiexec.exe	107
PID 3368 wrote to memory of 5112	3368	msiexec.exe	107
PID 3368 wrote to memory of 1164	3368	msiexec.exe	109
PID 3368 wrote to memory of 1164	3368	msiexec.exe	109
PID 1164 wrote to memory of 1264	1164	Installer.exe	110
PID 1164 wrote to memory of 1264	1164	Installer.exe	110
PID 1264 wrote to memory of 232	1264	Syncro.Installer.exe	111
PID 1264 wrote to memory of 232	1264	Syncro.Installer.exe	111
PID 232 wrote to memory of 968	232	cmd.exe	113
PID 232 wrote to memory of 968	232	cmd.exe	113
PID 232 wrote to memory of 744	232	cmd.exe	114
PID 232 wrote to memory of 744	232	cmd.exe	114
PID 232 wrote to memory of 1612	232	cmd.exe	115
PID 232 wrote to memory of 1612	232	cmd.exe	115
PID 244 wrote to memory of 3604	244	Syncro.Service.Runner.exe	117
PID 244 wrote to memory of 3604	244	Syncro.Service.Runner.exe	117
PID 244 wrote to memory of 3180	244	Syncro.Service.Runner.exe	118
PID 244 wrote to memory of 3180	244	Syncro.Service.Runner.exe	118

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4784

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5112
- C:\Users\Admin\AppData\Local\Temp\Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Installer.exe" --msi --key CdycOB2hlD1SvDitJAz-KQ --customerid 01018025 --policyid 0 --folderid 02824915
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Syncro.Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Syncro.Installer.exe" --msi --key CdycOB2hlD1SvDitJAz-KQ --customerid 01018025 --policyid 0 --folderid 02824915
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1264
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c "C:\Program Files\RepairTech\Syncro\install.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:232
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe" /ShowCallStack /LogFile=C:\ProgramData/Syncro/logs/ServiceInstall.log "C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe"
        5⤵
        Modifies data under HKEY_USERS
        
        PID:968
    - - C:\Windows\system32\sc.exe
        
        sc failure Syncro reset= 60 actions= restart/5000/restart/10000/restart/60000
        5⤵
        Launches sc.exe
        
        PID:744
    - - C:\Windows\system32\sc.exe
        
        sc start Syncro
        5⤵
        Launches sc.exe
        
        PID:1612

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=2272,i,11831746627654527593,10138103687018060346,262144 --variations-seed-version /prefetch:8
1⤵
PID:4684

C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe
"C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe
  "C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3604
- C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe
  "C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe" install
  2⤵
  - Sets service image path in registry
  - Drops file in System32 directory
  - Executes dropped EXE
  PID:3180

C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe
"C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe" -displayname "SyncroRecovery" -servicename "SyncroOvermind"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5899fa.rbs

Filesize
7KB

MD5
f1e354492a7415cb926a6ddd0d26021e

SHA1
9f07e98e024b874c8bddecfb9abb3c6f0cd8b605

SHA256
18baef8472dd76f4fb260dd67032202bf3588be03a8d044ab060efda0e3258aa

SHA512
97c277e041714d94a227aae9b7c4f10ededcd6ba5a76bfb2896d39409c67aa382efe638233ea424a44c5c5ef735e4a990f99b3034bcf4ffd59d18f214bb4def1

Download Submit
C:\Program Files\RepairTech\Syncro\Syncro.App.Runner.exe

Filesize
32KB

MD5
1aa2d8a5d3ecc3aa134528b7117244b3

SHA1
0b149d62a7883c6c903118c7b6886a981d1ff31c

SHA256
60abbb3e61ba60715051790ad84703855455a24533e6e68b7fd0791b79d37b14

SHA512
500938e0df236efc0242a81bfbef2c9f8a7ca52644fd1c05146c7a4333f8d525d57169ac38cce945d0cdc6759601e41e17db06f71fad8e5436fe94c0d050d958

Download Submit
C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe

Filesize
36KB

MD5
55d568af3444a7319dfdb2ddc0a6bc2f

SHA1
e6fb8fc639c71c2ef922ed9f36b29cda45622292

SHA256
10c8cd588d627f46df3a7385e07d36674c2f0374e6327c7f9595cb22d8635753

SHA512
1cdb5edd9ed982e6eaa20042efaa4e57a5d6b6927c921d06accad2493bc7ac6d7444a2467b38b82a5a6cd3c7d8bf59e32ba0e858290327770007914818fac3a5

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\7za-x64.dll

Filesize
373KB

MD5
5e79330dfa8f102da34a4ae39b181da1

SHA1
231c9f1ee6cb75c094b07f81266bc037e8bb32cf

SHA256
f306d5766040c252e312893b232cd985b5bf8c7bb1856db78cce9fb2d4a4ff58

SHA512
f3a94186ff62ddfd9ba3dcefc25e55d30255d3b57b94bdd76ce2f541487357b4e6aa7bca431757cd448e8a15d22989240ccbf87617bfd6a79d941d961554bbb6

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\7za-x86.dll

Filesize
263KB

MD5
3107caecf7ec7a7ce12d05f9c3ab078f

SHA1
b72ac571efde591906771b45bed5b7dc568d7b08

SHA256
bd377ba96ff8d3cbaea98190c8a60f32dc9d64dd44eed9aade05d3a74d935701

SHA512
e5f7bceb39975bc77de3d118ab17aed0f2bd5df12dbbcad5a355c34d71dff883a482b377e4b98622ccc3ba48649ba3330d3bb0bac7f9f2e861d9af0c10d1637e

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Autofac.dll

Filesize
247KB

MD5
94bce38faf97857d39b9348f43664317

SHA1
8adf558ad484b47a94e199318a4fad70eab0f090

SHA256
0bfa585a98172330547fec4bda0d747afea4b01bc691378dfbef2ae82d110dd4

SHA512
e7ca307423aa8527b379a88f2bcf2cabe34b58d04b2f979ad4ae11867fa6a08984ca5212706f749fcfab5338e0cceefa1dd35bfa8e9921fa40ec8cd0c8caab8d

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\CSharpFunctionalExtensions.dll

Filesize
125KB

MD5
841e154928ed4f18c7750a39780d118b

SHA1
f383e8aae69a942ffd0915122f67b0f963d6c119

SHA256
dacbb5f45d70b290bbed42249c06d26cf65440e63f2ac1c8db125e808a693bbf

SHA512
22e68af198233d374e609809666bc8d77f1afc741c1436fcdd321ccd7bae8a52663e7284350211cdc640cd29af550084b52343b79e8584464733200ad74bfdfd

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\DeltaCompressionDotNet.dll

Filesize
6KB

MD5
21ae702d34f87ea0ff5fa9acf600b332

SHA1
dce549f26d124db29e5ead09bde2439b8df07595

SHA256
2f700d3e898e4d4701551bb617640b25675a02c980c8a5cc00672ddceb255d82

SHA512
c3a9cf78e61afbfdab20b5e3ee73426d2a73a9a3d7d1615628346bf59a52499e6be62f44c8cfec8a3be5ff5b62f2de8390f8ed052056417e929224859157284b

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Destructurama.Attributed.dll

Filesize
15KB

MD5
7eabdc9525bd1814899de66fef6be715

SHA1
04cf3922eb9d39adf9e3acfe7cb5246c5f718c86

SHA256
ac6ef04b83ca3ec163e6998ef4904434bffc0405a793ae5dbb2e800e3984dabb

SHA512
a0b95e6f5212ea7c2cfa52e372143973f72254aeb67fe6032b1db58b840f93ec9da87e565bb696417bb5bd7b6dd9a3a35af461cf51b0651fb2419ead79ccadd0

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\FluentCommandLineParser.dll

Filesize
51KB

MD5
de2b96fbe5b4104094389d69afb3ee4e

SHA1
d264d7519a6f4b6a6df6f39a382e352d4a48acdf

SHA256
0118168035446602ef5ca6f5426f8d54975f58613c3898e0b6689d92a35c589f

SHA512
c73a93fcbffdcbfa1b1c5928ab4304eb172710cd4ea3795796edc6e08145078199a4b0208464438d08fc569212fc11778b1d2c86ed7e6ee7e3b86f5321f33b03

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Flurl.Http.dll

Filesize
103KB

MD5
67c42a9cd1262c422f8ea562805f0294

SHA1
23d99f695530cb18bf9009668bb414338c953f60

SHA256
62d4336b23c78955d9e51573935102beadd58bdb19530bb6d650cf39f4d8bc30

SHA512
881cf4f3fb64dd2d1f42146abec7bfddf95a80a131774d7a6196b54197161866bfc09e1b6f16074f96454aecec3a03540b706e2c43df828a7c954e57e282ccca

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Interop.NetFwTypeLib.dll

Filesize
22KB

MD5
65a6be1f8674bf2489d8e858ee8d7e65

SHA1
46a5a710f2fceb5c4daa7150a4b2517478fff0ae

SHA256
72a5ad582c5e1f754256a5de51ad01602ba23b295172de0efd27137affc44454

SHA512
333d1756b30b802c1ba3a690381238da8d356944ffc4fa1f49d9f97374d476de1989e66613fe97ddf8c6db76c567cd6f4f58651452baafd899d4c4e5c24c922c

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
20KB

MD5
5220eefd7753e11b99d73faf39fbb486

SHA1
7d8264be4fcb17f81acb8b1add980cd96a6fd856

SHA256
ed5bc605f7f9fcc382183abef06c354dad946abb42a07631712077b2157d6bc9

SHA512
81e483bd76240543704194c0eb0c8a9e7dc46aa535653e7d5590e00c002b2980237ada793c05c0eedd5d1a92de90055867b21be665ff94fac038e280939c66c1

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Microsoft.Win32.TaskScheduler.dll

Filesize
229KB

MD5
3b64aebb9d2a910b6839b56c84653a9b

SHA1
0fdd9adc8048547cf3328295db2ac291f5c6b81b

SHA256
fcc18b30e67afe2e5e037ec4e2bcbcf1153e0c257dc26dc48084676a87be2486

SHA512
463a3fb2957bdbbf6effa43562e331a24aa49d1c5dbd0509773f5d3ba2830d93a684876c5eea0b744a2fec7d7b70e12c1d1533c671ccf590f53aaaf9252d23f0

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\NuGet.Squirrel.dll

Filesize
501KB

MD5
81739aac13c14e63a5d81b0c0fe50939

SHA1
950ad43b2cd27a8a581b89fd525ad8ee371db9bc

SHA256
5b9a3046a77de4d9bc9e6568ad84c92041c2481e44d8745fbc66a4bb093cdc36

SHA512
df3e080cb8e594b08d28da5be502d17d7573e130f7087672a13a79c082f3fd3f410b7a58d3900f3c25fec9d3d0ca492df69b2eba5a23b04edae2af13ef1be7b7

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Phoenix.dll

Filesize
19KB

MD5
3ffde9b3031da386318d87953fdbd4d2

SHA1
14d36bef26592d787cca074b9a39f2af214c7feb

SHA256
f2a753dd5396ec0b188cb5fd6be94710d385c1a0e333cb2c771abd2b488f0eb7

SHA512
3dd85cb8f721219e7c230411f999a62541468f800480d3dbbf6d7df7adf432e310ff47a021da8ea0947494933b9dbf4850757040053d71baf301d8fd639374de

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\RepairTech.Common.Tools.dll

Filesize
346KB

MD5
1a67b9239c20b019d7a466a43a3b934b

SHA1
e319d8197312e35c9de8b05b3e687f9169a1c6db

SHA256
58e878ef31fa3f7c185ac04827e75e4f54ee09faeb699fcc718ede24798f5d68

SHA512
c484db8ebd6b72558d870fb7883ed123c3fc82ced4ad6ab9ac6cf7658af5b797a7232153f1f6e38533feed17fc4ce5b3e3aa7ff8c742602ea2a25cb15ef67b4d

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\RestSharp.dll

Filesize
167KB

MD5
b4aaa21288c1d923150c8d88b6ece126

SHA1
6d99e70ab9511aee701ff7068b5792f4194377bf

SHA256
b539f648dab37f211acb38dfcf4c79b488fa3beb5a7edf6740f894d2d1807449

SHA512
0de9227f5d134fc6b7029fb8202beade5e30be1f236e785eaae534cb0e944a98d9adfa2dd1917138994cfcfa2047a45c935f2b4f96944ed3dc017762ab9e08ca

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\RollbarSharp.dll

Filesize
36KB

MD5
7931fd2a2e06c7a654c9edfe388a8033

SHA1
2fb6de045f81bd56fce6a367dd992efc73ba4405

SHA256
cd722eda12d89b33cc00fa7e967eb6837b8335fada88368a6896d357f4362c15

SHA512
33ff92fa6dbb93b97c739ece89433c7ed34106e91cd76eb2431d0e840338af3dd456c3116b8362de33906eb348ad7eded630e28a98c94536ee8c1f3baf8f6b80

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.Formatting.Compact.dll

Filesize
8KB

MD5
fdb7ad01c66a0c96174300167fadd249

SHA1
38b9971de844165f164e37e2d234d16f6022636c

SHA256
2d7dec266c5436f58ab620db4e3b5c83e550e7f76caff26eae8186b14b52cdd6

SHA512
13df8a0ec363dc3a8f80114c64869db6f1233ae250df1bf48260cf62588065200d5a920f7d16d41faac4ddd4b9edd4d3383d1bbdb1849d120a145175d3a74d4a

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.Sinks.Console.dll

Filesize
31KB

MD5
c48bf7030e583e273e94e2d32b752a83

SHA1
51666bcec96f529b1a28b72db54cc7fcdf68441d

SHA256
ded3b57b64eca479f2a659a244e4c403ebfb83a9a9b30ced893c145e77affd29

SHA512
475e61bbb4484f468548dd7590d1d0bcc19912b322eacf2960b32c2c3ff1084231ddf8e689735e385a1f43e9912f79a028eae136c7dc8e130f2d3dd1eaf1f004

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.Sinks.File.dll

Filesize
25KB

MD5
6509ca95a38ac29c03379113172cacb7

SHA1
f94b8d751fefcd29d28875e291fd570e103d12d7

SHA256
85ad8530adc1dec3b97f2074c720b81528ba5ea6c7274e1a98a906304bccd12f

SHA512
d8bd0b8998725e2fa361bcb446f48b6105bd603707bf914bb978c63b5c40958bcd2a3fef1f666541793f1d06377f3f2967d1241e445bee6919eb8f84f5a5d7f5

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.Sinks.Literate.dll

Filesize
5KB

MD5
a0ebef9e8cce247cc12310a03b38aa7e

SHA1
22848b43d3b7f99cea7b339e86fcb4c08d7e6e51

SHA256
5e2e204439217c960237a894548680b39d5972fabfa3009538f43530eac23a3e

SHA512
53dc332b0329899883e019a4adbead244c65324fc4654c6c4d8080b3f2cc1953f2d0c61ac3507d00ac85c9cb98d711e127df335e334a3e2b2e70e59e3239d758

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Serilog.dll

Filesize
115KB

MD5
fbfbf8c2de7f389105d728037bfcc11f

SHA1
91dd7e807ffcfdc9cb67f5a75d85dcf537475583

SHA256
e7c7528f8a920988862b8c22d0ae4c40df6824332780c1cec41d84fe633b6bed

SHA512
264667b13ff54e8ae24663f6ea11225794946c5db34d440bd68cc90c940c92d1da7faf39dfa551d13a19f5e21c82130662ffab2a2e2ebfb004576d880e9fb369

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Splat.dll

Filesize
45KB

MD5
1975e684c48457d72f37696bb1b880e6

SHA1
eb254b470df9172aa07f13e7280bced746d95e22

SHA256
7a6f255cf59d6594c8f5bc466956f09305a3a10c8d683e485c7e1f14371701c4

SHA512
edb06da485e4dc562c7833ef887172be5ddb4d36a041463dc662ccafaa8fad816306091f774a7463f1538ad1c62ee9433bd12673d943bd885bf2cb38fc633a08

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Squirrel.dll

Filesize
235KB

MD5
987c5119be7764315baf2140160f8f39

SHA1
eb2bc9701cf24a02b81477bda0303de38dea08f9

SHA256
46d56384bf964fa67ead716859bfd4f388fbd866bc08cef51f55e39f4c20af84

SHA512
e9dd3d897500dab872cf770fb97c6e8f32c0f8b3b3803e32299b204babfb59611afb2eb45482512701457287a0c1801b95fd0a667d08548c06779802f2489d3f

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.App.dll

Filesize
429KB

MD5
6bbab6d4e2ec73ae2cf7af5749cfe4fa

SHA1
135dc126cbdbfa88701898c72ff0661d989d1306

SHA256
954e4a7c150e733755897e8f97ca8fcda352df1d8ecb8676e5198374e51d1083

SHA512
da5c9e654e91b3e62b91a12116acd6136c80d58e0886503b49f72927c04553e14969bd0759b59577b9ef56320506705f16dc40a816dd7ebdcf3e31a6b4db6e0c

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Contracts.dll

Filesize
90KB

MD5
52270cf1e73ab5bb576543b56486d353

SHA1
28c8039ee806eb248d058f19281ca84667c1ac28

SHA256
f579a2df0ba32acdda2f77e125e9590ce88f8df8e529b6f349b7a2a37d82046d

SHA512
143ef87664690d8dd2d06fbe70ea0c28d5660213a1d3a40cfea0fe6678b9ed03949c7e23a86913e7b35dbd58fb28f27a6e73ba84d9c643023f1e7e96ac521c16

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Configuration.dll

Filesize
10KB

MD5
ca8013b661554d50108581507d747f99

SHA1
91fdbd14630c247db8aaa1dea2996dd24eaaaad9

SHA256
ca455a5413648c4f68db90065f52fe668507e6d853e8870ef9326523cb1c0e4a

SHA512
85015f4dad29a1873fb87fca81aadeaba4490cbfd0cfaedccbdfe57e1649e223fb5b3700e2c9c96c77ad6e64ca60973cd9c75b46c9b83e29e9a7201f71f8d37c

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Interfaces.dll

Filesize
5KB

MD5
c0752c81681deffbac9093d37b8722a9

SHA1
8dcb77db970a5c59952a0d7fbab584da973e8d76

SHA256
2348f9f5bed1b3aab5685b7ac262936f336da742161e8b8c0de76d00d02f2fa1

SHA512
7feb30564356d861ae359c649d2c4b5dd2ae64fa13ab870303a23809fa814e4913de8d0bca83ff83f045dd0c9fa25e096155456f55aba659dc09871814abca17

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Models.dll

Filesize
20KB

MD5
e0d383f260b5855368b2f8b32a2bb963

SHA1
0e83b0e3391612ee1d52df0a153cc976c3e2221e

SHA256
0e5fe4b1820a2e3674644845a850b2faf59f16305b30bb22c9b4c0df99f76db7

SHA512
508eb8313ca5b85e3d2d4567b12eddcbb13ba608837449bac7931e60603289e0bbdd5d316510ee4a0962df85d8c3e64fd67e7170b0a7fd11750543e13e29247a

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.Services.dll

Filesize
9KB

MD5
ac3602f4112c03e1adac694136df7954

SHA1
d6044e6284e2de475161e56dcdf7e85f58dd6961

SHA256
7b9553470d85c8fbf4bc03818cbc09fbc6321141544008d91f92adb8c21e05f8

SHA512
f00448a478110bb8a762e771ff09010bde751e7d077c489b75c07c668835a578a9f5560ddb5c9790350d7cd10d829c4a71090b3405708ac7c6cf70f59c2c924e

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.exe

Filesize
1014KB

MD5
4c209c9cbe048f89c5133de0aad8dacb

SHA1
75f53e8f64d42a16cda7d268dc743c6b6ae09ab3

SHA256
4d6cecfb5ad8dd5fd6d2d2281342b2413f4613d7a8a3f3fe6a7aa33e959df449

SHA512
71e3983c6e536eadc839ca8b3aa5c80918a2679a335418a05bae436ca78c346999a2daa65b8f899782701b1698ab04f13b83434c4e71cbc6728b393c58d14b96

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Service.exe.config

Filesize
4KB

MD5
5677069f11abf1c3a3425ed59e2b9146

SHA1
4f39cc032f2c486e92077e8a28aa3d96197478ba

SHA256
2343a97163ae4adf1af7924f8f067b6c5e89acfc15d29dfe6909ba28b37e1d2c

SHA512
4a9b771c7a4c35703a6f9c4a69a66155c044b395fe5a264684a022b3be733d73bd8d693d01033ba89dcf0e5f6daeb8f44733f0316f4e1fc251fb262946c1b56a

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\Syncro.Tools.dll

Filesize
88KB

MD5
0a5d2f9c33e33f441cd24c86c1b79956

SHA1
5f4cf2f84af2ec13e9b23387c3a8faeefd10487e

SHA256
89375d06f34d4d772befff65b3aa61d21d73737839ac22d37b51f261ca69d7b9

SHA512
1f7c2fd10b24ea92b82cfc312846d5b2f0bee376e4f32f50f5ad4495cd602449db08e10fa2106a5038fbc95a79e3d17439322b07ff5373b7c0da3fff3e388951

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\ar-SA\Syncro.App.resources.dll

Filesize
11KB

MD5
c231457b0d407c0e0728dc23f0b38ad3

SHA1
14b277fc40217475e46b363f5e7f580b6ce88cea

SHA256
2e7ad91af8314df2a9194f9ec656afffdb5b24b75a403652873e7df264033daf

SHA512
d9ab08a686b20048c0b46a6001fd470e9450904602eb521bb1dd54b44a660aaa9890603264ab8245dc4f3f18e100efe57acff879bde88633cde80e4b515c6115

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\config.json

Filesize
626B

MD5
ed2a5d111bb2a412e01fafb4574dd284

SHA1
b3ccc6cb21e306152359c38f31ec8746eee02449

SHA256
9871966384fbc0aaa033613b9d65a8a1ce139094a2c42622a37a6b8d70dbe7e2

SHA512
cf99c2c4f6a0166d559cde4eb79ba8240c717ba946a47f212bc341c89c0ee768e80853bc6518153b402bd7711320df81a27f24f044e3b9d9bb4f94e5ba46723d

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\cs-CZ\Syncro.App.resources.dll

Filesize
9KB

MD5
ac60e12cc1c7ebcdfcbd180dc4ee639a

SHA1
7a3804d9604c128fde27628a05fab47469e1852f

SHA256
fc2fab060b7885e2df50aa9d3a18530141bed24cb8333b7f4160e88aa9189027

SHA512
3bdddc519422fb3d2ac0bb73290a8a1a8002367b51ccae379e8149ce509ef1cf6686b5a579e75bdeda060709354466755992d08701de0b7fce5fb4f734072cb1

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\da-DK\Syncro.App.resources.dll

Filesize
8KB

MD5
1a4fc4a45dc007321734a8d3ee6e0dc2

SHA1
1f212c018fb7c6f8d037b2bcc55cb0dca5690a14

SHA256
ec8d9134c6f61647d50f782b2cfd667a6837202d9092afa9f603d3c405e8ba6d

SHA512
aad10c5f109f70439fc180fdee721c1a7efaebbd621d4b554863d9e66eb2abc589960fe8a0084077dcba3284c1d76a233300cfb1132da239c98e80813c210602

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\de-DE\Syncro.App.resources.dll

Filesize
9KB

MD5
65ad86e7b157ac056b42267c8e9beb1c

SHA1
a9a181c471b68314f9c606e8badb68279f0ccb50

SHA256
ce5295d9c495be555410735d4430c41e5a27b87567537fbaf6496551b37aa8a7

SHA512
9fa21152c02beb5cac26af478dd455b510bbbcc750aee1848f65221dda2a47238af2ea3c18d5ef84802948c0b797fdab802b32ab63ef94fa60a37364211b8a20

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\de\Microsoft.Data.Edm.resources.dll

Filesize
64KB

MD5
72cb6cefd5ce2e63ef929ec63b5c84af

SHA1
8029264b8756995e9fa61d9fea3c3acf49a8c965

SHA256
afcc051b49b4a102bd618d8f3e914346d402588e42333f71c2ab43c9f90f5590

SHA512
2c2cef19cd5db66d1b094c359bf61b17b1c36c6824435c38f9757075df9c7d265c0e51ab9aa2ff9ae8f52f40597ce9a8d93d2940c3dac26b3280157505d600f8

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\de\Microsoft.Data.OData.resources.dll

Filesize
276KB

MD5
055cacf6d88d81ad52a8e30e83235cd2

SHA1
7503d8f5a5cada210cfaa027f2b271d1bd43c77e

SHA256
8435109572a7548a21c20cc0a3054060127f49376efaf548aaa303828f257217

SHA512
29677fed85a71a822cb664a3aa2752895f3063f45575424f94c7fd215b55ad4fa8daf204874e706b933d2a15781c7a79db9ccb5d6944606375c9f539184d2878

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\de\Microsoft.Data.Services.Client.resources.dll

Filesize
62KB

MD5
7f92069cfd4ea63487c25d6ecd96d1f3

SHA1
ecd3aecf23db7854039abe0aa2d77d826b793b9f

SHA256
36dd5a40328c39e032f2cdb3b0f8ccf384716e46488a4e3356a387f74c03357b

SHA512
96e428ea65d7d08a4cc7c4c0c96777fc3199ca27c2c2ad22be4ca9c195ba68abea16020716cb91e65c5136369939d59bba987977d957c2dc031912dfa1a65d68

Download Submit
C:\Program Files\RepairTech\Syncro\app-1.0.181\de\System.Spatial.resources.dll

Filesize
17KB

MD5
ad73b408cd61bc349ecb29d018a90f25

SHA1
caad4c59edf3975329683648bebd2df393b6a35f

SHA256
60225714f5f67c7afe03adad6b06de02396f687f441813847c7c5d083ab10fbd

SHA512
2b6e8584ea1446c6f33c53014a18ee824dc1dafaa2eb9bbc23d6ac641e183133cccfff8ffdb20ce048c780470f1e3fa5e994a43a4e1456c61ca12fdc8fe86708

Download Submit
C:\Program Files\RepairTech\Syncro\install.bat

Filesize
639B

MD5
e3eb8d69316f0551bda4908c44d8684e

SHA1
dc8d0350c67f2a9b4a2adec253863273c26aa760

SHA256
8952ea8c7a55898f87d131886cad0ceb966ad4475c701ea6590d906bfc6dc0af

SHA512
b276ab4113ff39c715b840d84916c49319d03b8458dea0bc9c1f23f87a331dac1975e5c596c088cbdf44c50e5a9bc54ddfdbb5fe9363f7496ce242dab3f37865

Download Submit
C:\ProgramData\Syncro\bin\FilePusher.exe

Filesize
23KB

MD5
8a7d79caadc5229eac84e620b241aca1

SHA1
ef33f0ba78079880105fb8729e7ffe4c74028453

SHA256
8b3075e30f7e1d507d9e5de52305271cbaa3c540a0cd3e5895bae5df0fdf3704

SHA512
9cb3a6587b83c321d773bce36497c239877198b18bd9cc4131273930570804f0ee948f3423def0d1c347df9a33b8ab1f477b3553ba6aa98e3dc1a7967bbe2acd

Download Submit
C:\ProgramData\Syncro\bin\module.psm1

Filesize
12KB

MD5
3c612231df36acdd026a3442449843f5

SHA1
65e906ac1c900062c92f9ca1ea227a5ab12f058b

SHA256
a7f8b18957844582111e67cf37b4bca6976db05ea70641c4b02dcc2d83c72c8a

SHA512
89d3ae21b81899ccbde29309b503673a94ed53d2c04f634758e9cc5e6cc9a32c592d370bd3d27670acef7e1f5a6a26735586a928b7aec3472a2467a65ba72a99

Download Submit
C:\ProgramData\Syncro\logs\20240410-Syncro.Installer.log

Filesize
6KB

MD5
a87a188b0f235549b8810a5b8dc3c506

SHA1
2739425105fc9c3b0e9775716cc0fdbd27315fe0

SHA256
8e9818fa9f29382fa403849328490f171a97814001fcce87a8c82d107a50c384

SHA512
0e2e3f80c41e1e6baf9a33f3de18d016e3a0bd4b22cbcab72f1cadebea19fbc55fe1a533bff64a2b7779eefc0504ebb78d2a6c0fc4f8269a44c0e2da8619eaa9

Download Submit
C:\ProgramData\Syncro\logs\MasterInstaller.log

Filesize
1KB

MD5
574c156183587e0208b12b20d8e06714

SHA1
c91e875b6cf6c4c167a3769ff95b100ed702f1ca

SHA256
02d962999e64b587d3cc65c6e074811493ef35337fe52b4e735fc1a82b075967

SHA512
887b35e87fb56bf4c10986c431136c3f3916b567b68068ea74980e1e8f4da913fb71fc9f4ae36f9ea11c966c4d40dd861a1397516a895ac4d7608099afa0628d

Download Submit
C:\ProgramData\Syncro\logs\ServiceInstall.log

Filesize
1KB

MD5
e9673df65332de11bd7388963b56a10e

SHA1
e3dfbc988899f63baf2d6d76296578e220caa0ab

SHA256
5a94354cd15618c5f5c13cb49458926df03f41fe76ad13f4e8f7bcf5b9fac47a

SHA512
7da5f25f91fc3f9a57aa3e08b307ab2764718e54494f4069b1366838a466d7dde7376926279f2f1d1c7b6b7e2adc887d39ab6007d6454d2cae98d13d10849b6b

Download Submit
C:\ProgramData\Syncro\logs\ServiceInstall.log

Filesize
1KB

MD5
5be5998b9b6bdae1128e45955f106f79

SHA1
2383b5d93f47be54fe89f6184cb764bb756156f2

SHA256
f10d0f36784db77a8b3c39ca688d36678fdc332cc74636f463d8d4a2fe267a09

SHA512
0fd4853fbee83fcde004c904653396b510ca840ac2b2c276497c247d718b1679ca50a7d5a84e54e74e6bfec01882a99ca3c83b9a1b00f0cf085c3025b6e665c1

Download Submit
C:\ProgramData\Syncro\logs\Syncro.Service.Runner20240410.log

Filesize
15KB

MD5
165c30de2f3c2cb8f686e734715762fd

SHA1
e1c3b10b16bff4999ee249b491a9687ddcc0cbe2

SHA256
df27ce6f9e484f0be6a7bf278f6432c43a64928d047a33608de3f35c2775ef15

SHA512
a708d9b2cef7650738dcc052d00c4ac72ab129430fc2428c287746d3f6e5df74d2db38f5a58b0771d10ea851455cc610b5b2eb8f9fd9f89c5f4d4083b95e271f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17

Filesize
2KB

MD5
60f0e64111e920147fb1ed5d0359e3eb

SHA1
bf1d8bd074ab6885d0e68d75413fd20b2e1d479c

SHA256
8b335f0fb25d1eb787e7ef0da3ae96464ced878ff0c686520e4590b163c344fd

SHA512
650a858b21282e91c70faa9f321cf71f8932064cf2f72518dbd0a68cc227da7e0b9d33625665cf44c6b251fb3092ae4f09ea576bb5a9187e08541257eeb67824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
a7555763ca886bbc82b670be9c75afab

SHA1
8ab5c0e28b1e24eb43126e7c7fe66de9e06a90d7

SHA256
0dd1fb24434dd051af6ab8f8565c5ddf84e2c1e9c7b86eb1e15b592675f13686

SHA512
4884ed03f6b504e297b3af0563e45d7213c22daacec8f5ec2c18307c15c4368bf70b22dd318038fcbea075b49a5797b458dbb25e33564811b1f7f9582f520df2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_52894DBA51C2BA5ACE3EE5577FB04C4C

Filesize
510B

MD5
754cb896058a365f654e118aeff3a99f

SHA1
6ef440d86cb545dbb0f45a88285b34122f52571a

SHA256
8bf98f4b83b1972bf979095f34fee01dd404ae9a29b3156d2d5f16e637775526

SHA512
a39b8a9d7e808e2e0fcd14d9d212e20e3f86142889853752382a7cced76c6183f53cc8a2e68b3ed0308d151893aa431d6e0466f7616cddd738c263d9edda7b69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17

Filesize
488B

MD5
634f5ab4bf48e1e03708a5ebfa0bc7c5

SHA1
83fe7a6edcc303d6e09891fffbca7d8f858faa4f

SHA256
2cd51a163dde35233b1e0d6dfd989b9fa3250a44636ca6af34b934cac3f32064

SHA512
0480219f5c6c2620bb810faa4e35334bc0d6c24b0d849fc26549cabcaa88d1791bd9a8bf93486571a9223524352b4a5ce7073658ca4e275491edcf478f8a61ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
98ca4a978e78d61274bc075864dcea85

SHA1
4a1cca8f59f658506fb330369d0a85483c103f79

SHA256
d01bbb79e5248e78592dc5b4c908a3313f9c9a55670d86e5a71079a2936ead12

SHA512
2bba9a35a9824dda988d5cf0c0f55266f464e24ac1acd4fb443bcb1450500b47487ac417f273183a39698db8b30470d1664cacfbc6d8a083bba556e8c3d1d153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_52894DBA51C2BA5ACE3EE5577FB04C4C

Filesize
480B

MD5
414e10c9cbb4b848804c938c5776bbe6

SHA1
32e483a87be00a6c8f1e6de6cfbc6abd7ed74fe0

SHA256
805d69e66ceb094f0e62d33a242a05e46c48592d6700b494434cceb995d94e53

SHA512
8c13fdc7d136213a583bfdacff6e5a73d755f4e96d6da3ed1641f141724145e357827b8860c028b8703e29faa940f58bac595ae5c76158d52e1d6798fc729248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Installer.exe

Filesize
7.1MB

MD5
5fdc21287fa2a976bb5a661e6a2a4d85

SHA1
3bb03dca0de6961b0be9403979a3847d8ba4466d

SHA256
09ac0ed20fdc3cb6b6ff969d18d94f28031d6992fb49f739d0db61d2486cbc54

SHA512
f86827404b703f915ad055604cf8d8d533ed3fe7e9856c77809cf7aa13967844c1dc0716bfc27386f5ac1fa2c0d3c70f25bc1791f3957325893322088fcdd9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Syncro.Installer.exe

Filesize
7.0MB

MD5
7bb45f8522187b26bbef2d9957bbe5fa

SHA1
4f4bbc74fe99a4f8f288a28cdfbc86441d182f0f

SHA256
6547e5d392ed49b02c9afff77cd9c7d36f29193e7c2b511b7e2f31e5650a853c

SHA512
1b535e99ea81007eb47cfcb51bbd6c054a4dd312624ef9047d3293e5fa3c0a3a646f737268275a9bb6af1028d1e2607164daffd484a0bb2c01b47305d5517be1

Download Submit
C:\Windows\Installer\e5899f9.msi

Filesize
5.9MB

MD5
c5c0829df294cc4fd701df5d5c55718f

SHA1
fd581050fe011ff6e71463c9dcc68de14571ef04

SHA256
e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8

SHA512
0d40fd22298a5f5537402392ccc707a3fa5421e3501a4867efc8d39c9d343f22f9c0476e427a53b28e02d43e8533c587e590a8716c75a6a5b21c0e65d4505d1b

Download Submit
C:\Windows\Installer\{B7F56D3D-2AD3-4021-9D36-3B9E9C9FBE33}\DefaultIcon

Filesize
14KB

MD5
940cfaf4c3be79e182f60375900fc2b3

SHA1
4c476f0b6eeb7a99912b1a5b2a7ee43c96d40baa

SHA256
97dda1267bb780b5c073d57367fc3590548fab97b9d90ee86d5a55dffd5847e9

SHA512
774e2f1bd38a1145ad7758964276a74c3f8c7deb6932c5203a4c19050d3f4cf38ee71d6ac645c4a55ba3559ea031623267ea5ccd9fbf26a758234203d1590b90

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
050034f4178c276844241c27f279e6f6

SHA1
4d45a4fbfed30a0e4833b2516a0d33cf9f932e8f

SHA256
30b10ce4375f9d4e4e126925cea4442a2f9cdf4d9612066d6ec359ef3b758546

SHA512
77b2a4e33c0cff0c9da7fcfb94c8387212bd27bd4b807dc054688a78c3011c946fe42fe78aa3112380ffebd1098d7bb8f94fe9148480fa8dc52b9733663a9786

Download Submit
\??\Volume{64fb06ed-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2e7c50a9-d6cd-406f-bba8-0a3423ecf49c}_OnDiskSnapshotProp

Filesize
6KB

MD5
9abcbda928538ca264659e96d8800e0f

SHA1
0fdce5203b965d1668e72189b4fa4bfc8431ba4b

SHA256
0b9fe5795f9f857dd033dd85ffdcc89ae72a249be54d8ca1461776aae26da998

SHA512
2f0b2697472694c7b74885c0c638d252f41ccbffd6fbf0199215d8f2e1649d59c86cc4009742b19590e89ad8805bb8d26ec7ffe7621000b458c87619a29b4dd2

Download Submit
memory/244-547-0x000001CDDEAA0000-0x000001CDDEAAA000-memory.dmp

Filesize
40KB

Download
memory/244-573-0x000001CDF7A90000-0x000001CDF7AAC000-memory.dmp

Filesize
112KB

Download
memory/244-541-0x000001CDF77F0000-0x000001CDF7800000-memory.dmp

Filesize
64KB

Download
memory/244-543-0x000001CDDEEC0000-0x000001CDDEF1E000-memory.dmp

Filesize
376KB

Download
memory/244-551-0x000001CDDEE60000-0x000001CDDEE68000-memory.dmp

Filesize
32KB

Download
memory/244-545-0x000001CDF7730000-0x000001CDF7774000-memory.dmp

Filesize
272KB

Download
memory/244-553-0x000001CDF7800000-0x000001CDF7824000-memory.dmp

Filesize
144KB

Download
memory/244-539-0x000001CDF7840000-0x000001CDF7942000-memory.dmp

Filesize
1.0MB

Download
memory/244-555-0x000001CDDEE70000-0x000001CDDEE7A000-memory.dmp

Filesize
40KB

Download
memory/244-557-0x000001CDDEE90000-0x000001CDDEE9C000-memory.dmp

Filesize
48KB

Download
memory/244-540-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/244-559-0x000001CDDEEA0000-0x000001CDDEEA8000-memory.dmp

Filesize
32KB

Download
memory/244-537-0x000001CDDE5F0000-0x000001CDDE5FE000-memory.dmp

Filesize
56KB

Download
memory/244-561-0x000001CDDF040000-0x000001CDDF048000-memory.dmp

Filesize
32KB

Download
memory/244-579-0x000001CDF7A60000-0x000001CDF7A6C000-memory.dmp

Filesize
48KB

Download
memory/244-581-0x000001CDF7AB0000-0x000001CDF7AB8000-memory.dmp

Filesize
32KB

Download
memory/244-563-0x000001CDF7830000-0x000001CDF783E000-memory.dmp

Filesize
56KB

Download
memory/244-569-0x000001CDF7A70000-0x000001CDF7A8E000-memory.dmp

Filesize
120KB

Download
memory/244-575-0x000001CDF7B30000-0x000001CDF7B70000-memory.dmp

Filesize
256KB

Download
memory/244-571-0x000001CDF7AC0000-0x000001CDF7AE6000-memory.dmp

Filesize
152KB

Download
memory/244-549-0x000001CDDEAB0000-0x000001CDDEABA000-memory.dmp

Filesize
40KB

Download
memory/968-504-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/968-505-0x0000016F567F0000-0x0000016F56800000-memory.dmp

Filesize
64KB

Download
memory/968-503-0x0000016F56750000-0x0000016F5675E000-memory.dmp

Filesize
56KB

Download
memory/968-519-0x0000016F56790000-0x0000016F567A2000-memory.dmp

Filesize
72KB

Download
memory/968-520-0x0000016F6F100000-0x0000016F6F13C000-memory.dmp

Filesize
240KB

Download
memory/968-501-0x0000016F54BC0000-0x0000016F54BCA000-memory.dmp

Filesize
40KB

Download
memory/968-535-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/1164-36-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/1164-37-0x0000000000170000-0x0000000000890000-memory.dmp

Filesize
7.1MB

Download
memory/1164-489-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/1264-495-0x0000022ABBB10000-0x0000022ABBB18000-memory.dmp

Filesize
32KB

Download
memory/1264-76-0x0000022ABB540000-0x0000022ABB548000-memory.dmp

Filesize
32KB

Download
memory/1264-493-0x0000022ABBB00000-0x0000022ABBB08000-memory.dmp

Filesize
32KB

Download
memory/1264-492-0x0000022ABBAF0000-0x0000022ABBAF8000-memory.dmp

Filesize
32KB

Download
memory/1264-491-0x0000022ABBAE0000-0x0000022ABBAE8000-memory.dmp

Filesize
32KB

Download
memory/1264-490-0x0000022ABBAB0000-0x0000022ABBAC0000-memory.dmp

Filesize
64KB

Download
memory/1264-496-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/1264-86-0x0000022ABB990000-0x0000022ABBA8A000-memory.dmp

Filesize
1000KB

Download
memory/1264-85-0x0000022ABB820000-0x0000022ABB828000-memory.dmp

Filesize
32KB

Download
memory/1264-84-0x0000022ABB7B0000-0x0000022ABB7B8000-memory.dmp

Filesize
32KB

Download
memory/1264-83-0x0000022ABB750000-0x0000022ABB764000-memory.dmp

Filesize
80KB

Download
memory/1264-82-0x0000022ABB730000-0x0000022ABB750000-memory.dmp

Filesize
128KB

Download
memory/1264-81-0x0000022ABB780000-0x0000022ABB7A2000-memory.dmp

Filesize
136KB

Download
memory/1264-80-0x0000022ABB680000-0x0000022ABB72A000-memory.dmp

Filesize
680KB

Download
memory/1264-79-0x0000022ABB560000-0x0000022ABB56C000-memory.dmp

Filesize
48KB

Download
memory/1264-78-0x0000022ABB570000-0x0000022ABB578000-memory.dmp

Filesize
32KB

Download
memory/1264-77-0x0000022ABB550000-0x0000022ABB55E000-memory.dmp

Filesize
56KB

Download
memory/1264-494-0x0000022ABBB20000-0x0000022ABBB28000-memory.dmp

Filesize
32KB

Download
memory/1264-75-0x0000022ABB510000-0x0000022ABB518000-memory.dmp

Filesize
32KB

Download
memory/1264-74-0x0000022ABB4F0000-0x0000022ABB4FA000-memory.dmp

Filesize
40KB

Download
memory/1264-73-0x0000022ABB500000-0x0000022ABB50A000-memory.dmp

Filesize
40KB

Download
memory/1264-72-0x0000022AA2CD0000-0x0000022AA2CDA000-memory.dmp

Filesize
40KB

Download
memory/1264-71-0x0000022ABB4D0000-0x0000022ABB4F0000-memory.dmp

Filesize
128KB

Download
memory/1264-70-0x0000022ABB4B0000-0x0000022ABB4CA000-memory.dmp

Filesize
104KB

Download
memory/1264-69-0x0000022ABB480000-0x0000022ABB4A4000-memory.dmp

Filesize
144KB

Download
memory/1264-68-0x0000022ABB430000-0x0000022ABB484000-memory.dmp

Filesize
336KB

Download
memory/1264-67-0x0000022ABB3D0000-0x0000022ABB42C000-memory.dmp

Filesize
368KB

Download
memory/1264-65-0x0000022ABB3B0000-0x0000022ABB3D6000-memory.dmp

Filesize
152KB

Download
memory/1264-66-0x0000022ABB4A0000-0x0000022ABB4B0000-memory.dmp

Filesize
64KB

Download
memory/1264-63-0x00007FF8C99C0000-0x00007FF8CA481000-memory.dmp

Filesize
10.8MB

Download
memory/1264-64-0x0000022AA08E0000-0x0000022AA0FE8000-memory.dmp

Filesize
7.0MB

Download
memory/1264-497-0x0000022ABB4A0000-0x0000022ABB4B0000-memory.dmp

Filesize
64KB

Download
memory/1264-498-0x0000022ABBB30000-0x0000022ABBB4A000-memory.dmp

Filesize
104KB

Download