hxxps://easyupload[.]io/kr1hxe

Analysis

max time kernel
106s
max time network
110s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10-08-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://easyupload.io/kr1hxe

Score

7^/10

discovery vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/6932-862-0x00007FF710A80000-0x00007FF711667000-memory.dmp	vmprotect

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
359	raw.githubusercontent.com
235	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
6932	nyxplayerbeta.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SynapseRemake.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6620	msedgewebview2.exe
6672	msedgewebview2.exe
6836	msedgewebview2.exe
6464	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2484	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{F977B15D-D9F8-4D47-9A67-EB4844E4155E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SynapseXRemake.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir2804_1157576322\LICENSE\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\9eb27c88-1371-439f-b897-15e9403cea94.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\69d1a7a4-51ef-4353-b5d9-70ba16c1b308.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\6a3ac3d7-44cf-43ff-8318-43b370408616.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
2076	msedge.exe
2076	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
5428	msedge.exe
5428	msedge.exe
5820	msedge.exe
5820	msedge.exe
6424	msedge.exe
6424	msedge.exe
3620	msedgewebview2.exe
3620	msedgewebview2.exe
6464	msedgewebview2.exe
6464	msedgewebview2.exe
6932	nyxplayerbeta.exe
6932	nyxplayerbeta.exe
6932	nyxplayerbeta.exe
6932	nyxplayerbeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2804	msedgewebview2.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4676	SynapseRemake.exe
Token: SeDebugPrivilege	2484	taskkill.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2804	msedgewebview2.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2724	2076	msedge.exe	82
PID 2076 wrote to memory of 2724	2076	msedge.exe	82
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 2968	2076	msedge.exe	83
PID 2076 wrote to memory of 1444	2076	msedge.exe	84
PID 2076 wrote to memory of 1444	2076	msedge.exe	84
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85
PID 2076 wrote to memory of 2596	2076	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://easyupload.io/kr1hxe
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff999eb3cb8,0x7ff999eb3cc8,0x7ff999eb3cd8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9744 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9552 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:7144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9136 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9848 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11993954173130073811,18319236877973551821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
  2⤵
  PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1556

C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe
"C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4676
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4676.2884.3487798225484412284
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:2804
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x194,0x7ff999eb3cb8,0x7ff999eb3cc8,0x7ff999eb3cd8
    3⤵
    PID:5472
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1900,14776303063700554776,13111859985432661635,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:6620
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,14776303063700554776,13111859985432661635,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2464 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3620
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,14776303063700554776,13111859985432661635,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2860 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:6672
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1900,14776303063700554776,13111859985432661635,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:6836
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,14776303063700554776,13111859985432661635,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4844 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:6464
- C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\bin\api\nyxplayerbeta.exe
  "C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\bin\api\nyxplayerbeta.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:6932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:4404
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e43c5355930cd2ca475f1c7a926768a4

SHA1
e57a98e71bf125d712ba7ede2e799071d4acc610

SHA256
c5a95cf885040ebb0cebbcb64d065dd6f7e5d2003042334865623977c4ba0ba0

SHA512
5da88dad4b277d314d3bf46ab02b0add475b27631d6655d0f2ffa7d02e7dec3652cc797521fd2b44a96846bb01a2528bc2500977611a6299a59ddeaa38242e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
22fe4a0ee398ba915238edcfec863829

SHA1
c27a3981ba716b89309ed7c24cb0e4f29f3d74b3

SHA256
fccfce5e8606a3eaf1ebcf476a6ea9ac826d583d382441ea51ef34c56b567984

SHA512
e5cdd53202a2124a7ff8c970e3370924d751e3308ef9c82fabf0585fb789722b5a412e591c8f7d3f36122d5203ed1fa29be3f939494c7d70bab207827d163876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
65c92bbb718ce1c0dd951454c3207293

SHA1
17ec632dbee9bdca8f0913825edacaa0715d0621

SHA256
e81aca8e11b815c53310100cc30da03c04f623bf08685a91cbda0444b1590dea

SHA512
2bd33e4f46abf7462169654237f3314cd0e3652b15d56283277f6ef19f87c981bbfaa892777361e28d3d0e4b6cda120448392f64dac85c51266c94a464d9b61e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
d4cee057bc98c85b1535284421605e44

SHA1
87a50c8f27973bdf8e4f27a0f38d50727d4eb941

SHA256
8f08054867500a87f6f27870c771a1f3c5690940246ae8f75c371d3a8f2d5c9a

SHA512
471ce9a5ad6024560ee93c7ca4b40b2141e9890df3b78cf86774ae1ddb0a90fca5e5f180f1815d42cb8c778203ebd0c8e7a17d5f9581e2c6eea48dfae9b7cde7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c67a1f5e02a29c20231dcb47174cc5db

SHA1
1422b013fc1531d1f5781d4841ae019821fd87ac

SHA256
128edccf95b24494f3ee983873b74f63b253ccfa0582d58ae00ce1626a510b4f

SHA512
4d8a032e6e201ceb96ad031a99da62ed0ef37d7228ac037d3a92a08615350f2a9c5b77e2f48024ca7c8cf127ee38ce2e2e9b9466001fe993d7099f214d6ef932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
533c1098fce706b8e7f167940410feca

SHA1
aa23a60660d23054864f6fd81b714c2fbdfbe99d

SHA256
60b0ce45e3d1daa18e40030b3c96fd70086b09d84d16796d46ee2fa640dce321

SHA512
41b9867edf594c08fef8b2e3aa96564a479bcabab090ddbf7d8c97e447bde282976a5dc1cc5d7852d01fc96783747b8bc43826d164b0cd02ad339009a832f9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
5f999ab3c83a2e8480a9d9ab67b3c0af

SHA1
61a7883c61d4dc8b2af0ed6666f29dc923daf761

SHA256
ca672e1131bd532ac1aed83c71c8f2336c3650cb9d4804ef7bfee40f52260403

SHA512
2b95ad6bb1f69ee53a65bfe37121aab9cabf2d68cd32c3fcd88a4c293e54aeadd395432502398418a13ba5ae88c54aa1a571335bf677c0be13d096808a06c8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f4002d3433db1663141bcb12fdc73e20

SHA1
e69277b7a6fced6ddcb9174da7eae0ec4a5506ba

SHA256
112d5af689c76d7dd05b5674c9c244bab7c87859e68a1dfa148b05479a944a4d

SHA512
1f30b62e809f3bc66c08ed168702fa056208667c8e1742a5b96fd53805a6de38890b6d184dd6efadc1fbc49d8dc487033e559e80e3b484cef162a8b84d61ca0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
657207424bb2539acf16f0ea8940f1ed

SHA1
eb3888f9e00588dfa2bd5f360186443209a21040

SHA256
7b242e9f80c01906481d8dca15952def7913ec71c4dcd03a6bbc42e7f453e924

SHA512
2c0c72a30bc8fa4aed221192d29d5064a61c185c7241bc24f723dffc528b33a1986b826ae7dc33093fdc34583aed9077d998ca291c3dbb02a0e2d1855b4f37dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f6690f7622895987a740e81582755dfc

SHA1
a1524d280e0ccb3762c32fbbb985616437d8dfbb

SHA256
c4a4c02c6cbec12ee6b1afad4c8fe1a782395bbc90e41fde5d2a6ae5e3ddc628

SHA512
cd684b3b28e8c14d9a4efd22bddb3f55bdd0a48f346b89ad9f2bcad5869170b2de87eee2a56921395285b917b7214dab94b5971e965e1cee736563b3fbb93a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2c1abd06aa1f62b67e5ff336f0b4f02f

SHA1
afb8bba4bf05e249a52a7a8bcaa1b108cc0eeac2

SHA256
00b12cb8d33014c3ea7713163c0ff71e51096207861321ae7701f534b3829c15

SHA512
07e60c45cb141347b83dcf764df93a6f7869b923ec1d0642021aec753cc7f53995c926bc7564ca15ffed5bcc46b608dc9bbd2f326bb5d3c20a12f5972eb31727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b5f15f3ed5219f97f203f1824bacddc0

SHA1
9651b32c7e406341cc4a94678e9abaa45decbf9d

SHA256
50806e54e650267e599d8e93568927adc41ccc3b37f43e41590f998687b1c22c

SHA512
ab36b3e8348e1384fc49752bbdb454234322ff8325007132b6bc23497b849ba9b4bc72b85b9c03e9d26caf9271dfcced81e5ad5446f52f4e64d6bdc93ec38689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ae472a773d27862bd09e565280351175

SHA1
710f60e71bd492308d6c467b5a145e8bffcb738a

SHA256
6afe20916813fc409758f7f28d4296767cca52e8888e1e4d5a9b4f7bb922af43

SHA512
ce3e30b39f1fdf93613e179f3a205dabb043f9e2d897edf31511d37f55da31a126ce8bc121629bda00627778616433073e94566311569b25cb81aadf984482c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b22.TMP

Filesize
2KB

MD5
f05d85bbec5b4e22683e70587f3f74c7

SHA1
ab088215995095aa55ab94e9bf73f973e67b353e

SHA256
6af548a66feee202afe1ea5ac887ecae803987507ae350e9cb9cc2a54db80cd2

SHA512
ba9ffbcb7a19b17f3416fb5b80a6d72030b6e9d73760c55cde9f6db5f7affa0fa8419dac07daf28dc030cd311efd9c4135078f8a3953006eddd1db8d72b7fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a28dddddaa9d93843f90d041d7bbf532

SHA1
769fa383f605319cc4353b7d0874958c93278478

SHA256
d52db7b409018c1c1f752ff2395249654850a04541fe9061155a63e643257ab3

SHA512
9f48c88ec83602a4e59d3048688f54a38f79ba37183b9253d94c09411e12ab98c0d8cc51f8e3160c07fa77163e409dfce1993bf96f93342d4cc0cf699025ead5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cfccfd1731c5aae0b51808c29e2f410

SHA1
f5fd9e2dad27af6ddb9876d74e90fc5e2ca93955

SHA256
3978f3766171ba327648b92bb8d6bd55b6635e69618b01866e7b2e000f36ec09

SHA512
b87c088ed11376e501ee22859eb00a925fbca0f25abba635b99775fd91f006ad089148ab94297f92e817ec4281ccff72a2bc1145ca2c9ea1ead47776d76fb2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9311a071eb72d59002981f50b16741a0

SHA1
85a0907b4e86e63c1633315e18f95f98eb55bab7

SHA256
cf96d897ad3819772a2136af7f9b2f535a980dc343c3770e0c0a95aab4dd8d10

SHA512
98bd5b34f53b6c0e6de30ca55870a9a6459165c65705473738e9d0a2a20fec4c2ea7326b7bf8493c03d5488ba2128e03b4c9cb01e14b088a46282429253724f7

Download Submit
C:\Users\Admin\Downloads\SynapseXRemake.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
99e4aee036cc2918a008f4a1f2e2a722

SHA1
feba2fc6662da2bb25862f8e793d210b2b431230

SHA256
2711cc54964c107cd5cffc708fbd578e321216d6e14dcf99e1304360b3dfbd35

SHA512
41ccbaf111b1cc01c7b8043eee58187d560f830d65ea36a2cf8a3d9679c431e1234dacac306112721fd1ae4d1a6ee0cbf6a812c377230b5fb8b89cbb8b39d4f5

Download Submit
C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
e870a831ae9fbd8730495be935cad49b

SHA1
823116b2b26610258b34efbc2cb0b7f61002c618

SHA256
470840424a1a4c589f3321a704fcfd0bf4beaf9b3a6794336397a8b5935ac4a3

SHA512
01d82b8ec0a0d51b8188be4077f49d641e8d2323134e20e649e05fb4f70be8a32683a0f8b3f2987363fcee74cc6a09d61514b5c5e7a7c7e459c2006ff2b21f6d

Download Submit
C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Preferences

Filesize
9KB

MD5
319358e186fca1f43d3545b527d5a42d

SHA1
b3020b70f7d5816f55b29e38e72e2f3ff97efba7

SHA256
af1de3b6b7ad20626e512b1bd776273df56dfd8a819d8854d75e33064f42e319

SHA512
e1de952d5a61001ed0103f558449b33b1672f8b0f8016aeebd6ddcd3f2a0698321bdb40edb44dd93b22d7f02d0b0cb769abf41ad9a3c4d43ab7cc51660ef95ae

Download Submit
C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
9aab125271798fc61b17508f30633447

SHA1
bb90c9f0e51b11484b2d5ca54e1fd3b88b1dae23

SHA256
608c0ebeb5e084500430430683b064e8fe4e9da0218a997c7d9edeb14290100d

SHA512
37296620738ed65c23bf988e02715184394d7ca913cd382bc925d8c8a9f1814b9e8de14cdb74d1f31895fe4729f5d2219b3cc02c24d969b71b95a0cecdd94a33

Download Submit
C:\Users\Admin\Downloads\SynapseXRemake\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
39c4042290b0e6a86280c34c229968e2

SHA1
abf6af7d597383e5bb8b736ebc6995c5410a4f89

SHA256
d77a80f639320be81e2e58a2d194232233b0f556429bb923a702df4c7eacf806

SHA512
1a950d9990cb55e98cb76989077c58812f9a7a5452f70bc2fafd622d3c6afe59abb59bfb1e5127198b7e57d2bb96023372ee4963b1146b8a702329f2cba76e7e

Download Submit
memory/4676-668-0x00000000059E0000-0x0000000005A72000-memory.dmp

Filesize
584KB

Download
memory/4676-683-0x000000000B280000-0x000000000B288000-memory.dmp

Filesize
32KB

Download
memory/4676-682-0x000000000C270000-0x000000000C2EE000-memory.dmp

Filesize
504KB

Download
memory/4676-678-0x0000000007300000-0x000000000730E000-memory.dmp

Filesize
56KB

Download
memory/4676-677-0x0000000007320000-0x0000000007358000-memory.dmp

Filesize
224KB

Download
memory/4676-670-0x000000000B0A0000-0x000000000B0A8000-memory.dmp

Filesize
32KB

Download
memory/4676-669-0x0000000005D10000-0x0000000005DA0000-memory.dmp

Filesize
576KB

Download
memory/4676-667-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download
memory/4676-666-0x0000000000760000-0x0000000000772000-memory.dmp

Filesize
72KB

Download
memory/6620-693-0x00007FF9A7E30000-0x00007FF9A7E31000-memory.dmp

Filesize
4KB

Download
memory/6932-861-0x00007FF9A9500000-0x00007FF9A9502000-memory.dmp

Filesize
8KB

Download
memory/6932-860-0x00007FF9A94F0000-0x00007FF9A94F2000-memory.dmp

Filesize
8KB

Download
memory/6932-862-0x00007FF710A80000-0x00007FF711667000-memory.dmp

Filesize
11.9MB

Download