phemedrone | hxxp://www[.]mediafire[.]com/file/b59pp7fa1qldgqk/Synapse+Z[.]rar/file

Analysis

max time kernel
98s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mediafire.com/file/b59pp7fa1qldgqk/Synapse+Z.rar/file

Score

10^/10

phemedrone credential_access discovery spyware stealer

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot7213845603:AAFFyxsyId9av6CCDVB1BCAM5hKLby41Dr8/sendDocument

Signatures

Phemedrone
An information and wallet stealer written in C#.
stealer phemedrone
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Executes dropped EXE 4 IoCs

pid	Process
6028	Synapse Z.exe
5372	Synapse Z.exe
2572	Synapse Z.exe
5340	Synapse Z.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
3616	msedge.exe
3616	msedge.exe
1828	msedge.exe
1828	msedge.exe
5556	identity_helper.exe
5556	identity_helper.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe
6028	Synapse Z.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2528	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	5876	7zG.exe
Token: 35	5876	7zG.exe
Token: SeSecurityPrivilege	5876	7zG.exe
Token: SeSecurityPrivilege	5876	7zG.exe
Token: SeDebugPrivilege	6028	Synapse Z.exe
Token: SeDebugPrivilege	5372	Synapse Z.exe
Token: SeDebugPrivilege	2572	Synapse Z.exe
Token: SeDebugPrivilege	5340	Synapse Z.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
5876	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2528	OpenWith.exe
2528	OpenWith.exe
2528	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 3744	3616	msedge.exe	84
PID 3616 wrote to memory of 3744	3616	msedge.exe	84
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 4212	3616	msedge.exe	85
PID 3616 wrote to memory of 2964	3616	msedge.exe	86
PID 3616 wrote to memory of 2964	3616	msedge.exe	86
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87
PID 3616 wrote to memory of 4428	3616	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.mediafire.com/file/b59pp7fa1qldgqk/Synapse+Z.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb08a746f8,0x7ffb08a74708,0x7ffb08a74718
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1436495122505206436,13755879918834058606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4292

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32299:80:7zEvent19456
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5876

C:\Users\Admin\Downloads\Synapse Z.exe
"C:\Users\Admin\Downloads\Synapse Z.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6028

C:\Users\Admin\Downloads\Synapse Z.exe
"C:\Users\Admin\Downloads\Synapse Z.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5372

C:\Users\Admin\Downloads\Synapse Z.exe
"C:\Users\Admin\Downloads\Synapse Z.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2572

C:\Users\Admin\Downloads\Synapse Z.exe
"C:\Users\Admin\Downloads\Synapse Z.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
66208957f40f58efd5584cd2db4209c0

SHA1
2c16c7de7a86d97c32c5b44ef6381c9c43806f1c

SHA256
0feeb193a74332416b5a6385bc72e1f19a045f9d220f54bfe9d7859a5f297def

SHA512
5bc69c0d7571fc4c2829fe040f2de61908aadfe70811e657f6f920a1d17d8f7367fa245dff01442f79fd710cbcc547b5dd4f21e6836ad56de0a14e6683302b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Synapse Z.exe.log

Filesize
1KB

MD5
19af7425f60a621adee10f759085b772

SHA1
82936a268c9b2af9f38dffa437306d19b6b088f7

SHA256
301e81a7137a0b11527e271cfc7dd554a2ecb50a38e63913debdaef2ac769396

SHA512
2e0a7a6b886d394e24fe89fe95b5af95f7b2603110101234d439864e5db0c7b8637807658fc34addb6fc2ba9c81d8100e73e36a754df68ff356f4aaedecb6de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00c66d5af76e77c53022af8113e2c512

SHA1
5a8b642884670dd206dab46c3a3b70c26c8a855a

SHA256
02b9f55302ca22ac418bcdfbb326de1e1d969c15e80d871eff001a94e108eadc

SHA512
e29ac286822f33413d04b064633ecc72ab8a788a9ae1f8841d43766fbb93b77fec018a370b2291bf83829e1977e3b3b0a4a977df4d1b656906928950cf7931d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite

Filesize
64KB

MD5
2b65c5d1ab0aa3f3f57c635932c12a5d

SHA1
b532c837537438e591d5d6adbf96a5dfe5c40eba

SHA256
c111777e9b9a42cf62b06900b847283238af63d15033c40577cb10aaa58c084a

SHA512
7d75089fb928c23c0166a74bb2baa3c1245bb23012d30ec2cf1fe71f8412700d354d4b9b8070309b23a5b003e37727ecd00f9ffaa018ffa5bb67ad1bed58e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
a0b4e96b098007dbe34a217aebfd0f1c

SHA1
dedc65c5e1b674e9493b78486480e3380bd2f3ad

SHA256
048c1b4fef863973f3919ad2d7a3a33d3008e458c4058b035bcdb3bbeedadf97

SHA512
b45e5c1ec6934e0eec08b7885f0e47cb474a4ecf9e7e44b44ddda8aa3183edf9ae87deb15f1457b3c7d8ec365d6dffd90b157986e2ffe78951cdb8b1f8a6cd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
148KB

MD5
d97475b583356dcf8bdb89247f34821d

SHA1
3e7d154f342852045f4b122219439148894769dc

SHA256
efbd268147d520abf60af86a8889a4021215987d84012c2ce58a0cfa2b928f33

SHA512
09295c10e0bce4e9407c6fa8093ce12a9323cf1b0144c4498bbf0ad53f2eb84d327d0f9fbc995a891bdd94c8ba2cf424b271c5f454ace3c92f37f5d45a9ffbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
8KB

MD5
4c4eab4a21a4d5ab1374c3236f1f0995

SHA1
e1dbd53212bd5928da963ef2d9bd5650f8459f60

SHA256
394642fec1128dcbe588811f43330585603a88a77e04e956b9d29de413468649

SHA512
d5aeb064429eb566acf24d5fa51b95ba8f218289473568a7a2046a69fb03a8cb85efcff3ebe96ed531132b11600f1d1d3b6100539420c7f4cfbb50e9cf486f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f043da5677bbf78464f174579e26b76a

SHA1
9853aa2fcd6f9c2ed760c367dfc96071cb9aed41

SHA256
3d176a7ad93d44a91f30483514a5481d525627e15f761dc99a2e17a6df81db7c

SHA512
c67a89a56405e819388f44a7231380d2fc74464a91690ea0498f28a7d7d24551fef60bcfdaea9ecc573922ac0899ae4b1534d64f0b9657527b57dafd5ac267a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0893fa3c04ca906769c2d802fb688389

SHA1
11cc81a9fbc34b315c46ecf65c3f281b8cef6bb0

SHA256
37dbc6c07b811326c09cc15051ab04c208f3e509a01aeb2e81617e7f23331328

SHA512
bf72e15c961ab5bda5465d06ebc6c0e4f386a9b3544717d0d514c1d391a13ff17633382e2d42b946a0ff6689de139ba2c149ddfaf5536d0fdf19267f95fa6786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
673003c063c565876beaa8c7a6499094

SHA1
826ea6411caa553c7c094fcb6c3d4a7153ad2f72

SHA256
a240ede0f17bf7faffd46c2d1acdedd5c95ccaed45b468f5b6d307ea49514eb7

SHA512
dd20c35c4528cb8aaf452cf052ba4e69885f0427dff88de7587efac6e92cea72291da6f32d0d5813167723ddcbe9345d69ab2a197d4636eb319bfdb476477aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7dd55ae3877d1c22ebff5bfe1b0178d7

SHA1
5efa472cf01398f2795dab679eba3fe4a1f39643

SHA256
714ecedc6cb90a20f250bc9157a6046538dbabf128050e90d920eadfd5b18bf0

SHA512
d5ebf14621133eb7b85e554f6490a98948ce3d16ff1976d0203909f70976e8cb3dcaa1f22e80fd5d5bc3e14fdcd73b554c1b0daaa7cba4ce76382c903b724b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\QuotaManager

Filesize
44KB

MD5
a8b3c335d6cdf46014d41ce9c0738cbb

SHA1
5ae66a7dce348c67705201304b55a7e680358620

SHA256
d1b2b719220fe02c65a983b1fff016af361b1eae4bdcf285a054f42d3833a78c

SHA512
0675c26a2756eb41e19444c4db32be06aed21b316178e63573cfc8d0d3c7429829a3ee8e9b8c437ef7edce61be19cdda80642f52e91e6bb4ce5088980b7d35a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367774939008865

Filesize
72KB

MD5
4f10a779a5214e542d614189946f832f

SHA1
0d3a322420991fc9765e9cb404914a4252e3d187

SHA256
0e60310241281687f2caa8dcb257570ee67621039622f5755d8299902df9e635

SHA512
18df1062d902e21849466b0ab7989a675559f889c718d4e8dedbbb45543e2aca8043345975f843a9d77ccbedc73ace1d74c976f951889166805a2996b168b660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367774939154865

Filesize
933B

MD5
2ff2b307900ca69f825795c9799ddfa1

SHA1
13764041e92792a004b544cbfd2c7e10072e1a2a

SHA256
4b1d10c74e384194feb61b5cc716979af16e83da48cbdf44be486bc312e56b0a

SHA512
8cadf7d7b8eb89e7209cf48ab460c8d10329502865e2d4c7f5af5100e6a38abcf015b077d8d4040ec9af90e566c7810756d7f65383545e94d05c134760f7b176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d8581449fcf021ae34944c5a68795ae7

SHA1
20c60533c7df1735aa2e93959a4efd3af573ad4c

SHA256
f7d985653635f61a4a8bee7bfd0f330d87d65be0b513c4b7997dc8ddea2ff244

SHA512
4e846bf782c470b09d8c7e5b526438544bdaab0511b929f7e44e20ee61327d9227be9b3e9e0ffda00ba7b320022f8e66141af6d33ee4d13ba3a06ecba5c692b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
686d64e58c583d8240c3305454158567

SHA1
c75c2a4f4d48aefd1c2fc6234e175a80c3fe2552

SHA256
cc3eae6a9b10b7f8054d7398820718afbf68ab53f17ced5710032fc193f6062c

SHA512
bb6cf8a5d789f2ce42354963c8a91675af78ce70bc0cadae1b6758c189b4aa40b9e05cd637ac1a427ab55e33397ded0c3b6906b9818127f8a8027aa3815819fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d2be587281cef60d26bb82b180a1605

SHA1
744f6df3e89d555ecc1cc924faa555e114759388

SHA256
899e670985a39abe58b78bb0364dd9477ecbc20ad7fa1c6c5220b748194055ff

SHA512
687f135dcdc0ba01ad346f2166a0e59d6f44a330a5ef96f230705f079565d592e233423c8d1aa16c8ce35577c463f9d2f01ec827e537878bd4ad836fbdf1ad79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f79e.TMP

Filesize
703B

MD5
3f7b32083e3ac4c3189577031012f8fb

SHA1
d799bb7095746bbb8a39425e97b69b329ca96a42

SHA256
f207e26715de68ea30ab7824ec9de00b28f3c4f92fc84701611da091b165e00d

SHA512
f29f621a1f2ebf1b2478ec9452776e8307464aa7fd3b34f066465038fa8516585a75ce272f6cf52c0edd3bcf8ba9a9b9a44537ed92bc04b08a428c646fcd3a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
47a857a5a440823ea2840ca1200555ad

SHA1
d4e8f4cdf590babf00a6c398c5b05321f6987317

SHA256
dcbf37d5ad2802b6baae09c1a1172f0a7dfc654f45318028fe980d252297d8f4

SHA512
8c1bd8676a8dd5d9816117349c13cc72a79a1a5f2518b050dd69fa2686a1dc9c86e18c7c142162a6a9fb7c0b7734bf59bd8c23a645bb7b36de63467be191c5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
39c7b04d9ae85c5e68804a2a580d897b

SHA1
f58aa967aaf2cbfdbeabc56e3d16f79dcbd771d6

SHA256
491de9909ba5cf9fa2b36599a8dcb5d2f125fb00b5c67918ba88e5d107cafc77

SHA512
c3a7d30e8b68fe268577e9d29ccb734b3d42675849aea9381e89b52a038501e919ae288500f9a6882dbfb6890cc782eb7b4eb175e96039adb126abe8615e053f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
33020d5e915bbd19692467dc55dbf767

SHA1
7c66c4d8e068a7d094b104eb65760e991b235769

SHA256
6471177156fff8ef6b9a362f8fd24c31096bc7bfba8cc6299994489d0de83937

SHA512
0c1239dc0f11676f3c17d7eaaca5a990c4317d85fac0a6a980c58273b933131401791fa41061e6e92b374d06202f9534c461cfd24508a570665c2609f2c0ac07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Filesize
28KB

MD5
f52b3e5685c4f2b98461bb84fe93ab55

SHA1
89d471548ded09933e4180cbffae6b54f3227173

SHA256
4ed3ecc79883e5c9a3d3aec94acd8d00cd5d88c311b5101e82639c258a2816f0

SHA512
2f1652f4e2522276f0b1c7dcb9db117ceebefd3df146222102016993ade3442da03218b35f0bd3b487327a09094d28cebb80d3afe258be2048b330c1bc1c9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.7MB

MD5
e04380bef70a87ff9db80c42b0858368

SHA1
f1ca59df6afafb258c5c1a068d1c076204f2ac1e

SHA256
766837ff746a65ffc1baf30dd27057652508d884c1e656da2d65a02d079d9176

SHA512
dacb15219bedc7903ed9b76fa7ce478f2fd6784a22a14d4b56f2787df9926b2159c3494d042c9c4bcf66625c93f27439c923454d9119d5a60b1d0a52438c1409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
ecfed276b53405161d4e2f2c9efaee77

SHA1
a874dd647e8e2d280ccaea9f989a43ae98e4476a

SHA256
7c1adc18ece03c858bc78940320adf9af937e9abe9ee8a0d7b62c773743ce7d0

SHA512
3c0d3f7dd73ee5afe259415d6dc84922f5f2ecbc0a1fd4195c02db6f3ec7bb31fbdfc634ab0a6b59a2075f4d7f47e041efa2fbd4e3bed6abc421cff270892494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
fdcef358e2285db43ff18147818ec4f6

SHA1
8cedada52120e0be8a6f442876681796487b7d43

SHA256
3c0101f860ea854ce5f8cb179c9e3a1bed4eb5d5a775ff4941526a58ccdf9ef6

SHA512
5f863542e4e608eef83cbea16900069b8ed7d1beb1e434b07c2b4c880542029b267297db019479e28f1b5ba660bb9eae7f398c4bd0338d7b16e1e54f955a4b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
c8a4a98997eb8635d668317dcce1b130

SHA1
aed69335c1338e5b1eaedf036216d6e2104fd1e7

SHA256
611404f1b5d4947e30d9c665139ee737149b3ee18e8873897b5d671af76022ce

SHA512
fa413d89593814f329dbbef34beaf55b5880cb6dd0337b646eee0e8ee75c62db61f1346dee1f5ebaf7d9da292100df9da32cbf8954fc4662d9ea058602e11057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
8aa67d442928135479f206380e1d3745

SHA1
ba1201f73795635332ed4ae9a8247ad4606cefc0

SHA256
524478ba9392776fb6fd7e4e58acc42390f1a7e4e794164d043b36fd64a1789c

SHA512
bc70fb158203ad492df3452217ff1480f4f3ca1e90db7d0db26fa4b8adeac8afec822e5e04bd0392af484d166cfb8c01dbca5fe67b8542cce2f390808d86798c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional Data-wal

Filesize
48KB

MD5
9403bf2524345cf1ca2a3c50852aea2d

SHA1
c743dac8c2b44b294f9e3a27d3fc8393a3f73854

SHA256
0689f5d4275dd01f7eb578181381214ceec560467b3bb4a8244f5e17f0f8609f

SHA512
a0e82632c3b0a846693dfd749b7ced57607523db9b041d3473ace3fc1fb1f94afdd6deec094562dba7cbc45e14e735b259e6098a03c8e610188bff74817fafeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data

Filesize
4KB

MD5
47d51beea86408c240b4251384386ab7

SHA1
5b858e835e716717946d89d787f3a189ae9c426d

SHA256
28b7183dcf3ea002187959d15d308f01749257ac84d5265ebfd90f4745ceaf64

SHA512
e36ca1161a7a225caed4e30c886e95b8a8ec3ba4a73618048a93a6ba4341cac47f97ed103df6e6d33088da5517d1efd42f16386b0b1614dd5208e2d0756f0821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal

Filesize
44KB

MD5
d81c834cf8df3f082279264605748b33

SHA1
994f02320ed67829fa797ddbf23f56450e12eeab

SHA256
285317ae9dd16a93d76c43f3a1113f26c72b0532da23d075fd92e041a29f4f61

SHA512
064431f5f5651dcec564222e9cad3eab1dc9d0fc10aa60969b2a4c04d54ab9ac5de99d4e4536e33c78a50ba73995d69bf83e0b16b5396adabbb512d8c3429e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2eaba917adf168394971f86cd932eac1

SHA1
15b37f2a244fae703656c4fc317fea30596f3f81

SHA256
13fbb3a56e1bcdcbd74a64e8799343fcd57315650d197ee338abd1e19c1a4ed6

SHA512
03f2897502f90b445e1b7cbce72101ec6272317672a473a6ecce7f9eab5659d3c47187fa76113fbe5a1a3bf1ebfaa62d39a91a1ee51f01ee982a1e0683208cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3c3f380dc24d08daf1a1ddf31cf85317

SHA1
e77f0813fc62e3550dca7d502aebf69701a1ad96

SHA256
176c437a5345b4fcd6eb3184208667b1f91c626288a69fef9c0137186bfde2a3

SHA512
85bf41bbce298b2271d2ba3767eb704a37411c0ca2b99a83dc674c6e8b79ead8da73a8e181ff96b8b8c3ad88a3514b54bc3a1ca70dbde3f30781a65eecb6e152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
19a33fdcf0f8d892d09dcccbc8684b9d

SHA1
049f9f592584e3d836b0d94c99b59e111afd5a1c

SHA256
9a1cf7cd0d8e653202a2bc19b46e8bd140605e47d69bb20545fc3e094a93e9fd

SHA512
680ccb6bfe44393ef2dc42f1670bc171914c40fb9c2bbde24a8dc172c8287a14336f64a28f5a289cef19d69cc69761b78fd0f12d851d1b79bdace5078a135930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
649444143ef43c9855441dd2128d9ff5

SHA1
59e08c219b9ec581b587cf37ea10c2577a0c7cf0

SHA256
6d198ddfa6859f6216d022ed448992d8358bed19fa3eac8e7462b111fb905472

SHA512
11eed453d41c41710a6c5670d330e51f426eab038717bb39e6d3e3e0f87cc1d50c8fc43231908c1d227e728ff06e825c970ddaa018d6100c8f4ce130861b1ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
09e2d27c1208d724904c2942404a7310

SHA1
fb6e2930f6eaeea97c5cc77f25e33d55017b205d

SHA256
af492571cad4f20429c817b4673543eb38471e97f5acb7eb155e42409322474c

SHA512
46625b7d62cb301737ef31399ce8e721b91e6043b305ea4f386b2b8793f2d959cbf423531f3eb6663ed56d75a7f1c56e85ca8a60211cf784371cb560f9e11224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e69a5a40fbf64961548351188c880592

SHA1
a6546647faca85f379f16d9a964c88a2067f7b70

SHA256
a3e13a984a95f7cb333f55934b9f56bf9a461ea7b39d03ab4394609d7780404d

SHA512
df00872f7cf77d2ed557ab882bdbd9a9d45d15da9d1fb83ecbb280148c33c1b1d1ef15e5780e4ac572800f6b021953a96df7fd2689ae2e9eff87a8a870f2ef14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19f5593c1487592ec262eeec761cc21b

SHA1
810553042682e442adafcc2c51657e827cd98aa5

SHA256
8dd59d5125dc5b1b38eba9e0754b9da3563f86e05238b04e4632d542cff87d09

SHA512
3081a57b28672a6574d4dbbaaf84d5eb1aa3f359ad962952541fa2940ab1dbac1a3796d72f513e03570cd6ffa94385951d9a7e7bbc040338feded6486f4e99de

Download Submit
C:\Users\Admin\Downloads\Synapse Z.exe

Filesize
121KB

MD5
6269d12d33e882b6dccf756fa5b1172e

SHA1
4d7be4367c592ad6af5d2e69cb2dbd75f41e9cf9

SHA256
1dc0ff14ed4f413da460555fae083249e26e9b83f3e84c68d71ce0cd96542e05

SHA512
85725fb9ec6fedc05376ab29945d23f4a16f9db477e4df0d65399d44789c365a7bfcff810d4d0ec0db907383938612d45f970723d43aa0622955ddd2e6a27c27

Download Submit
C:\Users\Admin\Downloads\Synapse Z.rar

Filesize
54KB

MD5
2c294b9ab51047dadc1326b5e644cd37

SHA1
b3a6fc9d04d7c84e9dc2159b47cd3dcec0228a1f

SHA256
d49b318ebd36d2d80d20a2339f7ad1a8700b4bfcb8e35e56ef2fbe5d470c79a3

SHA512
0b029f0164d26a8d5301b73a8424e516c13840821c6179ab764b86f9642bdfcd2f998dec31b14d44f2b347da4b26f44055c2424ade654d193cca3e6a91391639

Download Submit
memory/6028-309-0x0000000000190000-0x00000000001B4000-memory.dmp

Filesize
144KB

Download