Analysis Overview
Threat Level: Known bad
The file https://github.com/cfedss/Synapse-X-Revamped/releases/tag/rELASE1.4 was found to be: Known bad.
Malicious Activity Summary
XenorRat
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported: 2024-05-23 07:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-23 07:35
Reported: 2024-05-23 07:38
Platform: win10v2004-20240426-en
Max time kernel: 106s
Max time network: 107s
Signatures
XenorRat
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XenoManager\Synapse X Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\bin\OoxIi8qtt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/cfedss/Synapse-X-Revamped/releases/tag/rELASE1.4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16575714743248820576,12335117757181916942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\" -ad -an -ai#7zMap6766:108:7zEvent19541
C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe
"C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe"
C:\Users\Admin\AppData\Local\Temp\XenoManager\Synapse X Installer.exe
"C:\Users\Admin\AppData\Local\Temp\XenoManager\Synapse X Installer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Windows Client" /XML "C:\Users\Admin\AppData\Local\Temp\tmpD65B.tmp" /F
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\bin\OoxIi8qtt.exe
"C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\bin\OoxIi8qtt.exe"
C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe
"C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Windows Client" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC7A0.tmp" /F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| N/A | 192.168.1.219:1234 | | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| N/A | 192.168.1.219:1234 | | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| N/A | 192.168.1.219:1234 | | tcp |
| N/A | 192.168.1.219:1234 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3052_ITYDAIJRRNAFEMHM
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3.rar
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\Synapse X Installer.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Synapse X Installer.exe.log
C:\Users\Admin\AppData\Local\Temp\tmpD65B.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\SynapseX.revamaped.V1.3\SynapseX revamaped V1.3\bin\OoxIi8qtt.exe
C:\Users\Admin\AppData\Local\Temp\tmpC7A0.tmp