hxxps://github[.]com/12slenn/SynapseX

Analysis

max time kernel
120s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
20/07/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/12slenn/SynapseX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3580	SynapseX.exe
3388	SynapseX.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3580 set thread context of 1176	3580	SynapseX.exe	97
PID 3388 set thread context of 4916	3388	SynapseX.exe	109

Program crash 4 IoCs

pid	pid_target	Process	procid_target
972	1176	WerFault.exe	97
1216	1176	WerFault.exe	97
3168	4916	WerFault.exe	109
1216	4916	WerFault.exe	109

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SynapseX-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
1368	msedge.exe
1368	msedge.exe
3472	msedge.exe
3472	msedge.exe
2528	identity_helper.exe
2528	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2080	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2248	1368	msedge.exe	78
PID 1368 wrote to memory of 2248	1368	msedge.exe	78
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 1244	1368	msedge.exe	79
PID 1368 wrote to memory of 4132	1368	msedge.exe	80
PID 1368 wrote to memory of 4132	1368	msedge.exe	80
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81
PID 1368 wrote to memory of 3972	1368	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/12slenn/SynapseX
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcebd73cb8,0x7ffcebd73cc8,0x7ffcebd73cd8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17263343294160151495,3157719817946675970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3536

C:\Users\Admin\Downloads\SynapseX-main\SynapseX-main\SynapseX.exe
"C:\Users\Admin\Downloads\SynapseX-main\SynapseX-main\SynapseX.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3580
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:1176
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 1064
    3⤵
    - Program crash
    PID:972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 668
    3⤵
    - Program crash
    PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1176 -ip 1176
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1176 -ip 1176
1⤵
PID:2696

C:\Users\Admin\Downloads\SynapseX-main\SynapseX-main\SynapseX.exe
"C:\Users\Admin\Downloads\SynapseX-main\SynapseX-main\SynapseX.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3388
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:4916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 444
    3⤵
    - Program crash
    PID:3168
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 1048
    3⤵
    - Program crash
    PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4916 -ip 4916
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4916 -ip 4916
1⤵
PID:4388

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SynapseX.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe63f44aa3aa9393e4251b4b74226e3

SHA1
29eef15e4d60afed127861deebc7196e97d19e4a

SHA256
7787181844d106768f78847869b5e784f07c1b65109d59b46932979bac823cd3

SHA512
f0f7951b5d55c2cbb71add5ab0c2ed3617a6fdf93f2c81ee9dd15d9f7c67881b42cbfd97cc4d2f17ba8a383624b23da1897fee069ddcee34233c1f625062a1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b0c53c5fe6ad2ee4ffbde1b3384d027

SHA1
0c9ae4f75a65ed95159b6eb75c3c7b48971f3e71

SHA256
2e9fc3b050296902d0bb0ce6b8acc0bb54440f75f54f1f04ae95c9956108171f

SHA512
29f62e085d685d3b4902515790ab4f298454d0f8d53b6234fae9f9a0edffdd0d4edee57261e8eb0b94a4af8e86d3f7ab8b044c6f259576b89f91183002e58b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
714e72ff81ad7690974bee2389f4b905

SHA1
f2fc563799bfc5c337c9fd4b654b4bad90ff1f0e

SHA256
65aa3c48f83ed2c128c9202f68f5834397662fb3dfcae881ba390a91ee40b6f3

SHA512
7c976eb645aa5d7565e8f542b998c0101d183ddfec5f2fb84dbd8491a9ccb48114c900606df6e679ababafef8f4f8a477630b5da321d82edab4906381b84e4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb81468af626976a022377d4bf2ab4e9

SHA1
db2394ab80986b15b49191c95d3f39573ae812a1

SHA256
0692b6b8f3d51e6780bfe7a4303de19c427ea1853aa688dc0fad83cfc81e10c9

SHA512
99a17ab231b5f6feaf1f3e9ba95f6582ef9be3e8b1af3523af66f3a60c0229fe9e15288b48e3bd0967ecb88f3af955fe52cdda21fc63140420409b98d7602d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e34d31198eede979d267042a8b95764

SHA1
eb0c4997f4e04c429048ea65b8bdee1e07dad1a1

SHA256
fe4ae8f4e1432f5e91ed7d7eb1ff8f72fa64abfb4da0230dae642d34b886689f

SHA512
c38f97df50650d5d69d2aecd258c79f5a8d035992c2aadf258741b0cd0f6ee8460dba902c74bd1d6707af053942015173b1f3c9e50b2d3553ea1575a1d416391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75cbb91c779a6db331b7f74777e26426

SHA1
df7351bd491c9df55689814e55d05448e6928932

SHA256
426090b0d91184636506b17c36566c0710ccf39cd19a77cfa443d2e02761337a

SHA512
25ddaab44c7a7b67c162660bdec6ecfa29bc30bd57ec6dc191b3f1f47d1e9cfd47d692481a76f9926a90b5a357ad94fc4ec0a8f44167e3d437ebea17311f3ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cbfb.TMP

Filesize
1KB

MD5
68e665326b1c0fe4fc69b8b55637c3d2

SHA1
7516840ad42c2c2a08ab90c9533095c9299bb165

SHA256
b4a56c05b878572138a69be1974000ddc746020b19c4f3e6125a443bcc622987

SHA512
598458012bf0b4be4e44ca81cee4ab28aa70eae1521c60e6c4c2f9505042a7022b2476cb5344ae1f9d0f14f1f014420c5ec89576d852edb9e691826f51fd3b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e4a751ed-ba95-4c34-be98-785168a09dfc.tmp

Filesize
672B

MD5
11495c7e82f1eae263412572560ddfa3

SHA1
335fce52bc97bd449d892adff810a815c499e3f6

SHA256
c528d4c3ff971608ac296729c21a4fd6953852a79c10040a92bc58fed86ff277

SHA512
4a3a561da517a1d7288b99af05e3e82e7ebc2e27b4d74645e4827806f9332bb47ec97fd5bb3fb54f7a4fb1b2469a94c625811f1b71b49435a75f279527e2ae09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c70ea75de0ca2031f894d28da3edf397

SHA1
19a2620b3e1e3658529100d42904de2d914a5e9e

SHA256
15ae44cf05f2fc475f5461b9442679a62c607e903ed894cea3d37274800eab5a

SHA512
78ac9b33b768f773f495b35210c4fc97ecad26a92aa43863f0a201850d15bb60afd3c961bd304678bf62fc49af43e8b34059714bdce9918a0808c264c81a514e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
060634f2a2a6f1551484cf56e7aa27c2

SHA1
c3570dd11559ad471e1fedba4f73a2f6a392f33e

SHA256
1b68b3bd47ee6869110d4422918d0388910fa0713240e9ba258f4b2196e236e6

SHA512
f6f885f161ee2046b6da4d41b1679cce5b0924ab1b0c5546970f23694032f03b7a390d1ac5d9679bf4cfb54d8889b0c2c32d2bad97e69a19d1e62d947a3be86c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
47c7a4e1f805aa96129a49cd4a139e0d

SHA1
255e7e1b2c74231e5a67149a844670060e412da3

SHA256
d89cd516a97caecfe9b1a191f45c501f61531776450f83177438b39d38d7b5af

SHA512
0fc1e29ef7e56c2670e5526657a809f42440d593eb892e5c74e35f278c23b0f1a492e30018c9aadce3ecfe2260ca9d6d81ef483f45777c5079492534c76fc2bf

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
429KB

MD5
f6ba3a613a9d9be4b2b93c8ec849d239

SHA1
dadd356e8b028fd7ce67e91ddea68b4928a146d3

SHA256
d66df0795ea1a1941802c75c10603a6ad3b162ded9153f3623c3816e81e47bba

SHA512
0b02ddc1208abdc270637992d15ca64154b7dc5fd5420df3b5a6253655050f415f983aaed06427b3d30315a406b3c6a98d5487a9d5ad5df863cddaa9b2a92989

Download Submit
C:\Users\Admin\Downloads\SynapseX-main.zip

Filesize
668KB

MD5
a1dee63807bc5d2f4b400bf619d90672

SHA1
44b6542887e21429a75db60f99fcebb70c3dadf8

SHA256
477728a0856cdf14bb894c2ef83daeda04f4a3beea60af9d3921512fd2071de9

SHA512
fd7ee4d6d98580b9441d69ebc7296f66e8acdc50635f3e1072724c1568e9b9bc8dbb9f027ad7c35a14a1e36e90f89a237f5b2fcd59a8ec206cd842eefec99288

Download Submit
memory/1176-250-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1176-252-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3580-242-0x00000000004B0000-0x0000000000544000-memory.dmp

Filesize
592KB

Download
memory/3580-243-0x0000000000F00000-0x0000000000F06000-memory.dmp

Filesize
24KB

Download