hxxps://mega[.]nz/file/wDdCRTwL#Yqgj6bVgENy7NY9NW6tsIk3xr_4beXObBJB-3n_E6AY

Resubmissions

12/10/2024, 19:56

241012-ynmpjashml 7

12/10/2024, 19:52

241012-ylteassgmp 4

Analysis

max time kernel
129s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/10/2024, 19:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/wDdCRTwL#Yqgj6bVgENy7NY9NW6tsIk3xr_4beXObBJB-3n_E6AY

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3716	SynapseXRemake.exe

Loads dropped DLL 4 IoCs

pid	Process
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3812	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2780	msedgewebview2.exe
5024	msedgewebview2.exe
680	msedgewebview2.exe
1988	msedgewebview2.exe
2868	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0\MRUListEx = ffffffff	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0 = 56003100000000004c592c9f10005363726970747300400009000400efbe4c592c9f4c59319f2e00000090ac0200000001000000000000000000000000000000e4fe8e005300630072006900700074007300000016000000	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\NodeSlot = "6"	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0	SynapseXRemake.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0\NodeSlot = "7"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "5"	SynapseXRemake.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SynapseXRemake.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	SynapseXRemake.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	SynapseXRemake.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SyxReBootstrap.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3512	msedge.exe
3512	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
4148	msedge.exe
4148	msedge.exe
1188	msedge.exe
1188	msedge.exe
3812	powershell.exe
3812	powershell.exe
3812	powershell.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3716	SynapseXRemake.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
2464	msedgewebview2.exe
2464	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2436	AUDIODG.EXE
Token: SeDebugPrivilege	3812	powershell.exe
Token: SeDebugPrivilege	3716	SynapseXRemake.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
2464	msedgewebview2.exe
2464	msedgewebview2.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe
3716	SynapseXRemake.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 1984	3512	msedge.exe	77
PID 3512 wrote to memory of 1984	3512	msedge.exe	77
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 4848	3512	msedge.exe	78
PID 3512 wrote to memory of 3988	3512	msedge.exe	79
PID 3512 wrote to memory of 3988	3512	msedge.exe	79
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80
PID 3512 wrote to memory of 4680	3512	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/wDdCRTwL#Yqgj6bVgENy7NY9NW6tsIk3xr_4beXObBJB-3n_E6AY
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff820a03cb8,0x7ff820a03cc8,0x7ff820a03cd8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15613807008534096696,2245287469756501317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000484 0x000000000000048C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2256

C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynapseBootstrapper.exe
"C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynapseBootstrapper.exe"
1⤵
PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -command "Expand-Archive -Path 'C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake.zip' -DestinationPath 'C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap'"
  2⤵
  PID:3128
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Expand-Archive -Path 'C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake.zip' -DestinationPath 'C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe
  2⤵
  PID:4724
- - C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe
    C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3716
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3716.2604.8306730285699609628
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:2464
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1cc,0x7ff820a03cb8,0x7ff820a03cc8,0x7ff820a03cd8
        5⤵
        
        PID:4908
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1920,6201380601541293121,13755261164622952932,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2780
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,6201380601541293121,13755261164622952932,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2056 /prefetch:3
        5⤵
        
        PID:3360
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,6201380601541293121,13755261164622952932,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2480 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5024
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1920,6201380601541293121,13755261164622952932,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:680
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,6201380601541293121,13755261164622952932,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4424 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1988
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1920,6201380601541293121,13755261164622952932,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseXRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a129ed20540d63393a8693b453c39c82

SHA1
d39b056ffdab3acfd1822f291f4ca285a9123ed1

SHA256
5c1ab97c7e6e56ec53ff06aa57a7ff7a6057c6f164d54b61ef8cd7d454565595

SHA512
7b24108e8edb20d0cb04f0c1a95910733602ca491b929a8bfc4cb48714df786eb0697b7f4517d3148940e9636ecae81288965f017f386124f50732a138b2c387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5571d7e656d924d6c237f1578a964c0a

SHA1
1c1ffe46ec7c31b5d415f7c6122a87f717e1b4de

SHA256
00c4cb57fe761143007467105f93ead20bdded3dd7c0cc84cee14a54a304232c

SHA512
02186f09760ab6a48dda5a363ee0233dde05e4b59d983acfe4faf764eda73e4c254cbdba3887ff00dda99d6dded5b286ac0a04e92e9b1ae2c1471001dff6d116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8613a97a08f0c4baa8f0b20d2746801

SHA1
76dae7399f6e283f02d45a59fec1a9cc86d169da

SHA256
b8637da0a7eeaa7db0e14fe0ed8d62db473b3d53b1e91b83b732fecc32af3ab2

SHA512
047803d21215624fbf8e4861e7915e3ad4fbf0bd7309c80154bd21dee472fdefd8fc02887bd5d2f34c614ccefcbac5fea8db67f9538c407ddccced8a72ec5e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fedd8a1fd5598c6846764497715582ce

SHA1
7e6843ceb6f85b9a94335bd262a0ad6e77224ef9

SHA256
3be3a0300714b352e18e22031886d81a848a74877c7b12978718b89fab5891bf

SHA512
240ef9b39770f667e8b351aa3fdf432e2ecbe0f5bf5b2dd65ceb4447aae5b24808e4c15ed01497c73fa2c32049ae9e0aacde9c7d7d443082a00104c65e7df3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f136.TMP

Filesize
48B

MD5
b6a45a6b51aeab924f0f4ab5be6660b0

SHA1
5de01582cc95dfe1da0b5ff59d93a9ef5addcdde

SHA256
0604f0ce3f696618ff2d5e81e501ae161366443ff7ee23c50fd5aa570876f7a6

SHA512
6fbe4952d806921b6fb84415146968b6c4aa1e820ea1eb1074c7d820ecec4697f1f3688efb9d3ce77b6240b30eb257ea2e3255a6ccf6536c58e4ce0ea3dd53b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6378422da490143b93c31d29694efc9

SHA1
6af560b204521639bac4fc500d4c8fcd73a8605e

SHA256
193b497b89bd52e08c8335853ed09dce1b57be93350007444c731dcf08412876

SHA512
8566eb4f5cbc17ba24951d7ead531231690e9fcd565a2c7d8bca8579cbed0c4219191f1eea88b1ad104bdda09fadab3cafe7ca1502e27144f8c97dcb61484245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09af6b36961b85f5bfe695656aa72394

SHA1
ae26e88dbda7059fbebd69e32f1773a6935503fd

SHA256
27d5205e6e3c3b6d5d8b31dddd868ee891e8af77325861dbf472454310ea25b9

SHA512
6820f2c82bd4c3bccc9cf36be95b713482c740a3d4bbe678210a2857918510d0d162d1b714a5029a8021d0d8d804080ad74e2d747518168a5984f90d78812f85

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\2qrwag03.newcfg

Filesize
339B

MD5
573c1a34fc001892b2c4d15f58b8fe03

SHA1
1515b07db20c6dad862457e15ad50e8f79e80979

SHA256
ff32d95ac3764326c6bf2fcef9db426b3cb567c0cf38e651fc10c1552bd7fc5c

SHA512
59686c69fac4640f9aea748b5941bc2582dacef11e418d33b51e31369386751f5b8daea23ed38a8221d92c1ff69ed24b22390ced36941d7ffba4f30a557f1a49

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\3wihyyzn.newcfg

Filesize
333B

MD5
a2e3f493b6c9dbfcfe6e8b6a2ac315f5

SHA1
c50245856aef460964772ee43a9f0a0a85cf8326

SHA256
d4ccfb1f5e203144e99fbdca6b8b1ed8c7451d3c64a566eac77960a8161ea0c0

SHA512
9e7cafaae9ae161a0801b94032a8255ad3ed515c71e11a204f4e00d99dcff5ca82458cf2d78cb106b82e1e9440cd16b53dcea274e9c8b742a122e273d3cd578f

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\4wdgvp13.newcfg

Filesize
327B

MD5
434a03b7a1e94ad29050fc094e2d71a6

SHA1
8cd95292c1474b30bebd0940ff96b999b8a4dd7b

SHA256
204136864c023dde9e57b221ef9c76d6be839f840cbdfd1e54ed2c8bfb6702df

SHA512
c9fc14bca4c9a32b0aa6299749f9eed2ff1efabf90a588f2ec054eff3a32eef096ab0635dda1db586b6cf534dd5ead905a58bedc911c19ea6813c5648a1d667b

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\5thhy5q3.newcfg

Filesize
337B

MD5
547dfb3e1fe88449cf65fe2d18ddf37b

SHA1
89e2ab38526aaf1d726492c33342309d4c85a016

SHA256
39866da8c8d06b7e46054193d9e3b9e73ea0421ef62ffe5c82c4ac03ea3f9bd2

SHA512
df3bddd193080e3f77644aa2d3247f97809e97030f9736e92901fb678461047bbda9b0bb8223960f1289af6806685129b2b3bba6c634e9c2cb6efc2237349741

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\d2tauap4.newcfg

Filesize
326B

MD5
4f4fe2d91552d7311aced9fb386cdc1d

SHA1
fb21d23d7330e8db07c36288209e6a881f909501

SHA256
332fdd15bc81ef604b70b64895c1c9819c20dab364c76fe2346d0ffd4f09602a

SHA512
67e98873ec1ce1e6f507b5e83e4c4c2f2364d4a8d3d2b4a9d431a1a7a712c34aa359345cabe2f37a2f5c35f27277dcd3b3adcf2bb6e44352344904895a20902f

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\d5mwmypy.newcfg

Filesize
326B

MD5
17e39c8e69eb88ab0c75cb863691f2b0

SHA1
c119738f35d8e113d1cde7cfab5513f51342f118

SHA256
7113974667d07fc975f6b038000a31125a5d9ad13cd36c233bdf23ab3ef1c443

SHA512
80ef457f3fbc9638fa300825942ed43b875c3a0ee12217c543c1746ad0a9c98b99294813f23a5d36d9353964a4a5570909c63dd7bfe33960a74521648bf2e3f0

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\etd0aano.newcfg

Filesize
334B

MD5
af1f1391e7b5bd309fc61b0dd07eec7a

SHA1
1bf37a2a69f5e17c8571f7b67e67bbd12f5e365a

SHA256
c9b432c9e8b06fc429ddc206d3ad2262105176e4a6d3168d2f621c07519329e1

SHA512
b59c286d122fa4dded043241c1a48879e09798d02cfb2fb5fa25e58fa03646e2424c8e4db0ab660d7edabe78b0b09595331c8017f44dc9802cf8436af8c2ad0e

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\fd2x53g3.newcfg

Filesize
344B

MD5
5456c9ea43d0d8b9c2b80a0dc8af374d

SHA1
0ec3d5c52fdcc9d4451fb49e45c2419114a9a4f4

SHA256
c20f6fcb9d656b1be6e204268594fbad98c7553124b874a88823300d7419f0f9

SHA512
c2da06a93db47f08089a6904a66d335a85678c1cb73b35d06d8094b9ea7135e1081e129129c3bb40c91f40520f330b49e95eb41953c418a90888ca081415effb

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\fmoqjwc5.newcfg

Filesize
332B

MD5
d0fada3e0f903e6f0c1663a6955b3c8a

SHA1
77752f128e6a7a057ad2f480ef8099a0cc585119

SHA256
104504875b67adc3307948927dcf0a92932c66b5c9a4f68c35c6b227dcf45b7e

SHA512
bf92c54a5ede72d1c0ac6de8a24c9ee79dc54a6eacae2fc47d46e3585dc63a1199d54bd1bcce2df102d300cf76ecfa9730fc7712f344f0632fca91603fced740

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\hjy4xgy2.newcfg

Filesize
325B

MD5
775266c28423e82dd8d0cc79d24bbc85

SHA1
694bffba8c2412ae3ed91a0b32a5ee78c2324ba0

SHA256
b8c5e83f851eb0ed17753336130ad52dbdb38dfb4e5afacf731928ac39e6870c

SHA512
c6bbb36cc5adaf3c685c11add0358f06b88064aa7ba87648106d7a0c901365468fa09aea1544943667df9a9e8c818dbc5d950bf53dfb4dde6a2d8e1a2c088ab1

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\kodffrxw.newcfg

Filesize
335B

MD5
be7d47879ac076d831d487657445955c

SHA1
3380a211e326e51794139bc63cf5e57e39810e83

SHA256
13a516a3866f675b7d999e3403196d469d548cc5b93f6bdd6c0c7955ada019d0

SHA512
786248a3ab50b32d20722a987f2c7afe31b0531b252bbdf2802399c76ef008d5e07bba6b502820707d5079882550cec9f54b5593ba4311a10244ec2d227c5526

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\l4hrm2um.newcfg

Filesize
336B

MD5
c4bf5664203650ccee2991c6be99ccdd

SHA1
ded012d07ac231e61facb44d4f18ab4c13da2a3f

SHA256
c11a13f50144d0387c26284e0f7628b3d70c3a4807db749fb9bc3ec4b419cec5

SHA512
fb6b22d5d231d8ff57bf52ccbe165fba66be13f451c4344e6858e9ba182b4984ff5f8dbdb38a987b8bcc44c2f260b0ba99d0be62c64f6b1f72add543123bafd8

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\o533lm22.newcfg

Filesize
341B

MD5
a850d9e01f17a8092200d40bb5e80dcc

SHA1
c5f4b6a5139b0d12e823070a68e15abcd5bb3552

SHA256
15b8f95eccb04d4c4b5611b95af50f98490d7b1e4266dee72f520bcddf7ce5b0

SHA512
696d03eaa119f103afc01ecabc4757dcd20b3071664fadd3a8a4bc84193e819bf07feb24d147a88b230d7bff750fbf26fb924f8ee40bd5661b9b73bd44dbd554

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\p2uafugq.newcfg

Filesize
344B

MD5
97cebbfe3b4f04dcc9c41798eb3ba84d

SHA1
70ba3b12d16164484fe834b495d8d1156194fa07

SHA256
6ef147e6bf5eec954575919107c06bb4a9037f279e4485a82e82edaa19fb5c0a

SHA512
c6a2a647a2207ce7ed9eba4ddcadf1cbfe29b431ba562b3873ed16c9e28187e4630e7412413c927f1b4838ad13b475e1dc709e03349c4f21c595588802a549dd

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\sdsggmnh.newcfg

Filesize
346B

MD5
7c3dbbcfba36e866aa9a7dbc22c09204

SHA1
8b4fdcafe90a07395586cd0d8b079c81aee84dd5

SHA256
f6e2a70edc7f774f2ac32235b8cb15c1d1431f87e388cda9ee5b97f0dee20d71

SHA512
662196dc02ba2afcc07d4caf8012ef448b411936f5ed7c699d0c32a5e69f43301f4fbba112628a9ee8739c0df672dc2c7455f7722e95f8f0260d35ae5704efc6

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\user.config

Filesize
316B

MD5
11c1db716626af997ec7e7f4655ce6e1

SHA1
b92909a2c9cd7893498ff0bbb877b27af8566356

SHA256
f659ae60531ceaff833381dc4820a7e9fdd11272b2cf96b2913dc32be0b5e91d

SHA512
d00a742b14394fc90be09299f76ca122583c6777a1f4f4a0b7f1399b2cdc83a81f8be6ac7116a3a7c7ac368d221ccaecd771170467fdcc317f17a7b1e6653868

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\user.config

Filesize
340B

MD5
a29a104594f915b5ed609e44ae15992c

SHA1
61355859bc3b538bbbfa0421e60df0479d956978

SHA256
def53541e25104367748525e7c478ec3378d7a9e3f9d50674279c9792386aaab

SHA512
755d4604ebe58a3a97fccb9b23911a71a22df6cce0a4ec1131509b9ec641abf530af53bdad1fcf6b0f4614826e3204a43681c37a3b99cca451a790341d800e6f

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\user.config

Filesize
342B

MD5
2c04ec926df03b98ea72d497159bf419

SHA1
08e92a9b06b3aeba3281b8f976480bef73b1b23b

SHA256
933a3146ed8a242c1b52993ae3a5a48c7fa9dd09f51a65eade8634ba2079e4e4

SHA512
3bc7820c5a98f5759aa3c3cc642a4950ab6b22574850d7d7e521373b242212304c512ad4614f78dc317638eff1b4811edd49aa5ae3756ca9602f8857ac27520d

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\user.config

Filesize
345B

MD5
dd9694f8fca4eb8be3dd714fffec4ece

SHA1
d8dea03905f17c81fb4c76e82132819f12d03986

SHA256
7f0b91aa713f4c476abda21c940d4d15767078e3aa474b7475ea84c414c298c7

SHA512
cc8b330bfd2352ba392f17ff3e8666d4ab279cd24fc694ad3733b1b0299b7276ea289d18bf86709bef3e79e5c6b8e0936a1e4b3821f9dda24ffbb7cf8041022d

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\user.config

Filesize
329B

MD5
bb0d0df451c2920b04d17d999f2ce4ef

SHA1
94ea5a1a27ea66c829ea9dff8b1ed499ec52626c

SHA256
84fd7d0dd93f32897efabdfae6681a095dc763de2f11cb93c30ac2925e085690

SHA512
2480d089dc942a4019aa1bb0cc1e93473fba5648e3a9f808f5448998903eb812b04ae2c64f3931fb0d2d87dea68709d7ffb587e1db1ae39d3fb15f9b0d466eaa

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\vitwuugg.newcfg

Filesize
323B

MD5
c824761bde821306e918b3e16b9e1076

SHA1
ca43e3007ff0f22789722654695bf4980003dc3c

SHA256
6c0c9140306b65958a00939e33280e29f1c619f3506d3dc631dc7a27c91017e4

SHA512
8baa712bca300c342fa1b0825301de9441c1f50c579798bd8f25bffe0c6c710f2fc7313da0d54f9df061892490d23aaf831fdfe572647d8ff19d7c2186ab3967

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\xeoh33k1.newcfg

Filesize
338B

MD5
961fd6b7c7fd42a7c0cca84175bdc22b

SHA1
6ad7b6dde3714d2392aedfdf31af9822e3cad6c0

SHA256
5f0382032a515e252b381620383313196263fca49f4fa04dd0024063bf85372f

SHA512
9ff14f5c38e4f8299e360591503dff95a23da4b711e9d9ceeb9375a50d7abcaf8460e7aeeef8fea252cb8b5734de12cce068300e90571a1730109f5d05abcdab

Download Submit
C:\Users\Admin\AppData\Local\Synapse_UI_WPF\SynapseXRemake.exe_Url_slhwisqfbmluxijzztyqdmromt4f3x0h\1.0.0.0\zkxxyw2h.newcfg

Filesize
331B

MD5
78c84813a480dc89ad316143db253343

SHA1
18bfb3e56af56eb6fae5c161bf8123f8e7684aa8

SHA256
c0fe8e0dabb69a70776642dfed64c22ee62ca1bae06fc3618167305aa65bd9e5

SHA512
78eab0facbe8d27b4c01c6b12b2aa7436e9b7fa6e375bdabef35098993b751a1f1cb1b5cdcecbe6997fa32cf685b7b7d27d2332b2cc95c368f6fc8025b6cacbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_35twxxgu.h0y.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap.zip

Filesize
13KB

MD5
94818b5dd6fd533052a0a9f68f23b86e

SHA1
ae34ccf4df49553d6fab6eb4d32a0be7854abe97

SHA256
6e4f0f71b55576352534d4595a58e564cde2f4e338541661c1569af8a8fbd463

SHA512
e6d64bc0a535e2a500985022beea1096aea95f2999ac36793e25c88ba6ff1ebe551e7841d26be1db8520715b6bc7caf76dee432376e1099ab06b0cc2023fc19f

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake.zip

Filesize
45.1MB

MD5
0f183dd9931c721817c424648668d158

SHA1
9134cf00628e80bfd9c390c9eed478f5876a1b06

SHA256
baa7f98a8de66cb5b0e4a4667d0ebae97f4e8c62cf44cd8a57f6d902d5073450

SHA512
703e3bb7705ca5177b068aaa54dae0a9632fc913a0bda51ab31adc0cb90f538a41f4dad97f86d1e7df998b78b6d658ff2632f3fcd9e2741a62bfbe642eb76738

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Ace\ace\mode-csound_score.js

Filesize
14KB

MD5
67d3027a53dc9dea93e8badadac2c08c

SHA1
e7b8064b0c9aafbcfc27b39ed66f96eeae054e63

SHA256
dfd544612c4b4c146234c397c610062ef0a64d84ca61bb146a3d74017b93bb40

SHA512
091fab4c78f777f27afe3f10c7ff4777babbdcaef75ed99cb12b7dfd831f7ee9837d418f9932eccac3691abd508a8bf64753f1ac7e4bdda85b9792876400c7ea

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Ace\ace\mode-django.js

Filesize
101KB

MD5
f35de187177b0165615f713868e14448

SHA1
918a10274d31f09a0fc96b1b5d0dd35d6c0f136a

SHA256
624dcb5438d0d5bf3c630e938da5f0bd2d8bd904fe4316afea82ce8b7f25d56d

SHA512
fec3ec6a120729367801800ed585971ece19c032ff03bad38074d2ff0f4310ea872a48dadd80c9d9be7fcde07fbacf8b67ccc4052dddabcb4f38a1398fbb84a5

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Ace\ace\mode-ftl.js

Filesize
50KB

MD5
71451c50ed393d0071d352ddb2e56330

SHA1
cbfc8767bb4baceab37805257997c84f4264bbea

SHA256
2437cbce03f95681d4d31f50d2c5079ed35289bba9f13b1f62da20c73c3f06e2

SHA512
219f6d3deee708706ac4e8fdf4f7161a3cf4b6b719763680783e385d9525c0553fe4bba46157a5610e434c8fb40d88e46e54688705925710c4be782f80986fb4

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Ace\ace\mode-glsl.js

Filesize
21KB

MD5
8ca9be0b4f85aa607d8af3c05c15b20d

SHA1
11f4bcb7b70f1a5bc6eda16825a8c40d81f4b616

SHA256
69343926d5bf317dff9a42193db72989f8464518508a83f642f027745b44e217

SHA512
c279c05f3d04ab75275b4fd61999d4d8b005e956b5d0a1447d00030f15b061621c680cf7ec462cda3c0b669e1b957e9edd2aca64debf6258c8e123ed3f0c9712

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Ace\ace\mode-sh.js

Filesize
14KB

MD5
37f7cf0e0a639840d67e81e0a3d257dc

SHA1
4e59399b4b5dd9275ba58fc5c7640822af8891c2

SHA256
61f9a37f096997d0f8a4de024358c443943e8eecb2a8d023dba992212e3d1534

SHA512
f4940712bd359338eef2498b5658938a1e3cdbc967e1b17bdd13b6136e6661785abad4537daa2136274b8628cc622035e7447c0fa986f0db77f58f7d1ea56588

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Ace\ace\worker-css.js

Filesize
269KB

MD5
efb7f98bfc7e9c92c7a5eacd72ece9e6

SHA1
0b6c2de65deb556163893762146c88e7451a3945

SHA256
53468a5a21fda1bdc6838d73255f0f0b3d7030c745077d09d4cdc41b20796f5a

SHA512
2ca94b561e2d13ea7f91ea3087c2c4a19ae3862b48ebfcd934f9f3c95eae3e49f8d6cdd69d8254a88985e3c57ffc3935581ad615dc8fb473720cc64dce9e50cf

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\ForlornApi.dll

Filesize
9KB

MD5
6c4df636535b1920bb44fb6e527b8d6d

SHA1
dc1d4cb9ce78e5454dc7f29ea568dcaa3163594d

SHA256
82505afab89b7629ce1436d81f3110389d54afdb3db448954fdefe26582b7ec1

SHA512
4f120a80d9a7233a74761958daa76d6dba6fc46aca3b872fa2fc0bb7475aaca7e973e6c3dcd24bcfcfae44c0aebec35de6c9c75fa19f09b22296c692a072887c

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Microsoft.Web.WebView2.Core.dll

Filesize
575KB

MD5
ae3a2648bf76a4dfc83d5e0dcb68f3d4

SHA1
9c33e130e4f071f700321312317d0d66b2b3d8a4

SHA256
8ce541fab9d6334a97b6981e2ff1a72aa7979df913e93cb5be1536de0667cc5d

SHA512
8bb3dbb95386ccc5450fe0fd0853382092af8660009112646dca13f934e766b503fa7d9c1c91322326e0c9bae0df9643cbb2f101f256615a3b66e89d93e92aa5

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\Microsoft.Web.WebView2.Wpf.dll

Filesize
80KB

MD5
4349017614d4ae7f3b179b3c712e2c63

SHA1
45b9e20379951b8c42ce466ccc1d1e9f52739893

SHA256
9a76259ad28264645e36852861ffef803b72ea51f538d3ed678f0586389958f6

SHA512
83efe2ebd75fe6cbaea92ce728daab7c0f31b4b7eb5ee8e199aaa35df0d9957fade45684e5ccffa740d12d4fe5e330dbabc542266dfb0d8a3f8173a9e7713112

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe

Filesize
1.4MB

MD5
a9c04f5705d63cd57a28cbb2b34103a7

SHA1
3dedce434535d9f2f6a37ee0195489f82c65c111

SHA256
327ea0c4e22c70993c0f600ff1a6b10c2fb2b7c2d30194f160cc04ce67c83383

SHA512
1d8048633d504bd5a2ab6d9ef5b1c02502e9697ded4f027a95247767ab4d828bc903ba912221f2acae24fad134b3454abc711cb37caaee0967556f3145e6b3f4

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.fingerprint

Filesize
66B

MD5
33fc4bf1927352bc1845acdde3a6ba63

SHA1
63ac2f004ac10198e729e9ccf55f6ac4f7f3c622

SHA256
4ed04e713c9d8f5d80e83645b62f1be84ec0516d37f339b3d443d8f792dea113

SHA512
7e38e264713750baf58dd9ad779885a7aae5a6fcb825eaa44b3cf814dd09cd0bf8f95b5ab5db600d19a64b02ec2155b4c9a3bc2a86e9b18eece8b3100e8c2ff1

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cbb7b43e319785607876914fb737a32b

SHA1
e921e4b2602a9316d1104d7adc24e497b106c916

SHA256
ad9334d3318afea2d3c9c4f42b94a040c8bf657d612825573fc2b2d1189d3090

SHA512
655624930fcd93332cab1269c3c8afe9a69bd12ea7931627691c3a074de4f09a21168eb6c8350fec280739f0425267c8ffcf124ab93723a12fcbec46cdbaaa9c

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
8157520cacbd90645c8a20d0deed635c

SHA1
1ab0b47b81fd6416c24fb0eb26729863b8df20ae

SHA256
6a38ca8dd36ecc8db2f7554390d7f44d1fcf268f7308fe4b1fc9de47bb1320e3

SHA512
b2cf22adfb5c91a61d2f63abab1b0d836a72b624a2b2701d4b6ed11b8a4a664249e71c9fb2f398ac9505b4c3b7e9e9656b45f13408c37ae738f435b2553836f5

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
4fdd1f35a95c19cca29b5e9bd823cdf0

SHA1
eebda61b89aa7e58e6fb0b8b960a6600c752321b

SHA256
65d84e2b9938710ec6ce85e528d8fcc382a536e5a1a86b290b1df2ec33977698

SHA512
4aaf9f6c9a7c25b1a4c9735f2a11832cbf2b61155170b56e7051ddbd580b7673b2b3243794a38a564af7d2b721706c7ca092363e2dd4dd8186ccebc5d72147d3

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
6b8603edae17b82bedaa5ab933a84156

SHA1
3afc63d4c4279e40bbb0054ff18d751fa9a67608

SHA256
d8f5b6e4953ffd94ea28871dee15659aacc3ab7c19c966306ab5d6a39481dc5d

SHA512
3e41a02845237968c990730f58b8a3dcfe4559c32b6a11966b40c52e71e5b94a902ce5e076177f8e6e18cd67c660216f44086a163174ee79c89ae51b134aaba5

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
100af23616afc872559082e7662c0e4f

SHA1
a97dc6d8e5d4e6072a7837be85c52d75906ad92a

SHA256
3e623786c6fe7c0db87132f81af11408d0b0a7b42bba9e89ec4be8673b2e66cb

SHA512
6dbbe81884b35950faaa76baea944f5353ad47372768c793d0703470aed8269eea6741f3a348dfb1b8d2583afc36dc85c01aa9a5bcda1c50b735611bb7a2b081

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Favicons

Filesize
20KB

MD5
5cdda88f9acbfd47b1d204e1f667f718

SHA1
38c98603e0ffb54ec103988803240831c609c1c9

SHA256
513edd15673066ad238ea11267aeeeb618959b5a974197243fc6b385ef7bb329

SHA512
dc0a73219d9b4d978f5a91bcb7a3fe629d6f7bc6e69097d0e1531a70e98f3d8e15f73347e92d7ed21f649e831a65b9af331647888d698a65d6ef21630fc533cf

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\History

Filesize
352KB

MD5
a7d86c3f10fc88227403e40d42146202

SHA1
76639acd830ff70cf3e76228ec050d9835869ce8

SHA256
cb06d9cb2a583d8d1fbaa262a909d06c4ab8c02e4c287957bdd8a39a6e0fa389

SHA512
fd68c4167e6c9ea1dc4788df7002d258ceb3496e4bc15b78054306c9dfc408f690a8691941122d496f4288c4f29dc08aa09eb8dbc2d97cc3074a59fd878bca2f

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Local Storage\leveldb\000003.log

Filesize
198B

MD5
b552d48a715fbfdbaca30e72375b3aa5

SHA1
007878a7cba8e57b5aae6819c4659dfeff351b77

SHA256
1a9aad46520a26353bfd656ea63b157266e7d0cb9fc356aa5c0ee0ea2d071821

SHA512
826f87c047f50805338e842ccfe1502f2b141096b0a09c7a4c742a1d3cdafb358c4178a5222ea26a05dd2c2e241c81c5c27d0d03e67048305eb87cb3113fe993

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG

Filesize
448B

MD5
a71d1a6eeb134295877588fec9380145

SHA1
ef60bd3fee5526165ae39b0ecba6f2b988f17b04

SHA256
5d7161f9ffa8e1586397b27c2dfafaa7a985c2f7757be30150b0682ce9529f2f

SHA512
9775c6dc05196c6e85d8b5dc8108e84ce822c866466f93640c43ca861d85e2af66e40f2605047b04fb6413af5cd416dc314f6410a7b45c797c666c69137a0e29

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG.old

Filesize
436B

MD5
4d75ce81ce3ba4c9e6080a96fc52d60d

SHA1
90b98c54edc2c5f1ef76f451d1e199d5ddf51788

SHA256
3f7b3c4ce8c909b1131dc24a2f9b14eb3e8cd28f08d78cec63962079fbb39cb1

SHA512
31a614eb4d7d4e1f15f4fe828941fec754ec2447533e8d080e56b95e3ac1802d9a19326fba868cba4631d2381ade3779cb84bf0eb15ac3f237dc587875315b17

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Login Data

Filesize
42KB

MD5
56157edcfd5fb97c478ec60c85d5bc4a

SHA1
a1905bb3ca089b639f851aaf8bc992f80397ae82

SHA256
ee5e57598345b9d5acab2acd8fda7db4ef351b2cb02a991d2a8245c524707d4b

SHA512
f2abf819becd7c624d987c45abccb7f42231aacfaeb275d5a34dce1e05e0bc6d89046147bbdb0c0113691814e307f543d5f2197c1cdd36595afa9ed5c79b21c3

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Preferences

Filesize
18KB

MD5
f21df9df625f007085395f3907dfffb6

SHA1
979eb16d013ee45fe2b464d411024157ddcd373f

SHA256
afb125fe0256a9139984580979e875e0388d15fcbd06325c631168bcaea82bd9

SHA512
60f09ca0717eea8e76fb615b1d8704fb537067f4644a50b09c191c3e50a27d9d022f3f18bbfc2f5bce0efa38d1e061c20deea7185edd038bc530a1bebc8f590f

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Preferences

Filesize
19KB

MD5
affee32ec91593f972d99a75cdbdb231

SHA1
057be81d4a2159c9a3e75c235e3dc5a956e52695

SHA256
1b5c1fbecdd521e76ad1f8841a60f12f07992dca2ca2982cd667d684a86b101a

SHA512
b1e5c16c2282d7a2b3641a05f871ea88cd106f27245b0706afaf0c46c6779674cb49417beed4040c3055a4b4c1abd6d1f9adc415636410a359b1634e6e2b10fe

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
71fb5c587d7f4d14eccb166f5c933c91

SHA1
30082d545a3983acf7314a3b82d2fc7a721cc502

SHA256
1213fd161a3613713a6bc3934ef52981073a57578928236c6241b86fbd440647

SHA512
567e6e3dd5f505c813fac9e5c41ec6e40e34b79f0130cc946349450b514eb85bbb74ab91eceec14059317e948ae9a9f8ddcabaa6805a7518e83246165655e371

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
9KB

MD5
41d698c1cd7a862b6f759da77ef8a382

SHA1
c7eee3b38b3e4a7fec654e28415f02c4d927bb29

SHA256
8214c8c0acc1695c0e013cb1ca9075255a9925bafcebc02274a06dcfcc2c8322

SHA512
576ca8ca9e82efa90cf2e9c012c098307a28abe93cb290d4225a17e41d7cb5b7d7b7132a6a3e3f745acef741d1577cf327990c6aed12f204917319a4a84fc2b8

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
2c84d22692410a8905abddaeabc4d6bb

SHA1
10703606f64d87623846af94c7b0b59d58a61f42

SHA256
5a47540d0c27698bf009a8af519271ccfd110b6ed5c43a96adf96cd530f93859

SHA512
0fc6abea4b9f5b4738e827ea24a395f4e3bc59b33c70f0cf2ad17ea820ef3ff332620871bd08da587fa51ab29303ac57fe578a73ce9c0545cfaef939646bb32f

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG

Filesize
464B

MD5
651d5a90da6a2e305b6c6985a4049816

SHA1
47a08896c49dd3a33aadfb634e067bc6bb7c099d

SHA256
8f1968c827b098227ae7b9b527ea2b0a0f9f857374638ec13f86d7bf0e90baff

SHA512
9ebb77851dc510c1b47e9d0189b45069d807872c269b200869547e05e05061e89bf424f0f5651077da0a96766d45d2c2a9147de6dcba3ba8954b8f61b34e92a3

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG.old

Filesize
452B

MD5
851ca7625dbe1a73222324c49ffc8109

SHA1
ab16a24b07acdf64c2f26aad06b893defadadf32

SHA256
089b88f13bbd8ad19b91e8f8e626b9cc0773b13efc7257192d0f2e474604df8b

SHA512
804285ef1f0c87b2e9b6bcbeeb5f75465b1e35d8a87fe9e3a2cc0768b543155d06a46f7752f8aca75042f87399ed9b70bd6717ddcf7b2151944aa27e096e7ced

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG

Filesize
437B

MD5
7255be687147ddc0bdae8e78f34bd2ef

SHA1
1bbda728070ed7f4adf307acb3814aecadfc5ac3

SHA256
9165cbfffde979503625e7c3a4bce7f75b262cbd64cf0f666f4a81ae4b6ac90a

SHA512
8304486965ce2dec565da77eedd7f735f31c8988f3faa849219fef1236fb8b75b3ba1689361122ce1d53d595d3cbf2df2e4e0e0f9aabca70e7169aa7fd635092

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG.old

Filesize
428B

MD5
1ee9112e969dc1fb62c7f7be3056770d

SHA1
057ae77119cc381c9b74fae42c73de9136db5f61

SHA256
efad86481c2ccd0fc16f61ccdd163e7a6b8394936126b54ae3f620711529bca3

SHA512
ca8ab70b2d9dfc7df1fb4dfa6926aaaa722adaa4a0669e1f9fa0466dd7cd035bdd1ca6b14829a6345b0c37eaa908d6bbfb379ae2fdc0948b29d9adf97e8b3ad8

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Visited Links

Filesize
128KB

MD5
f1e64276febe3e390279f0d841333898

SHA1
b72df060d81c552689dc3efb387c8e24b811ae09

SHA256
320abbf4094a897a97db985ee4bfaba6ffa590c7846ae2f991c1758b7547e30e

SHA512
9db5fc43b5c300617e7807d0f3b6fd1a1866c3aea81a64d5e79629b8beba8188b2e67036eac51bb61b300c14d13345ac4e49145f0d0e46e9d410d73035651bc2

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\Web Data

Filesize
224KB

MD5
2709dc31d3ef640d5009aaa98cbf208a

SHA1
5c1f8d48758707dd8737e7a25e452926e534fcf5

SHA256
cbee7d17e9cd3c0756ba4309353e5b45bd8901648ec11d76e412e536a315d2e1

SHA512
6303db8d1e0de0f58516c74a025b7564560000713d6599988f7d5c51e2084ceb4b33cbf6d7ac2018c410cf7b1a5549f7a5b7a313a7d8dd9550eecff8f3045440

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
7c78ae927bac28b5ffa1f32240f1f237

SHA1
ce2d08aaacfbb519659afec58c9c06f8f291ed86

SHA256
ee7d281a0645ebc25aa8c2a3634f6165b099a8379cd32024e6a4318ab8c494c6

SHA512
bb905ff697551383fd1c8264f1b96cc653d05b9038574aeb626311117e2e2300d1c24736de66570d4cfa19473a452aecc9d59ab112c92d8ad184cf5c42329d19

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Local State

Filesize
22KB

MD5
bfd76d8e116368bed4922c8e3b4dad11

SHA1
e0b4776c350edf18fb00dd7201806c5de127d19c

SHA256
3cc7350d97dd9b9000a9b82a4f8db7363942ccd023e2bca80dcbfe6ef740d6e9

SHA512
879700c8cbfc1ec0c40fad606fa07194cbd2c40b4cdedcdcf9fc8c6ba9fa05bc83b66c2d5cd47f4dc51223164209870b6206f1a4a050b24885b77e97525327a2

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
fa9e79481b8151062efca64f3b046a5e

SHA1
91b35afd720420b372f3fe35e2326933459fd8e6

SHA256
e749abb9ef9ac9aad6046eb8a9b8c68c7b6f2aa0ea7ba7e0e6e77245bab85f60

SHA512
3d8f7fce935ffce285a0e2357c181194423593200d2b21d4022eedfea9124047634b0a9961b672e39dccd18a8963f6b5b416406ca25ba00cc9d5ec2534b7179a

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
a6a3b8bd32a632c29a5437de998b3c3e

SHA1
d65edd371db0168b4776e5340fa1d1f1da1d30b8

SHA256
ab0f7ce826ec4c284a31e6286e46708df0198d1dc093c4ee6c3a833decf261cf

SHA512
dc7e4083169ca2d2719b41dd24e0ce901ab6ff3ef4903a9ecee884e6f4e9735f3e32052ecf6b0f5df00e3f5bb93f5fd87cb6b9afa2470c6943ff91d0ba1b5274

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir2464_1722880609\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\SynapseXRemake.exe.config

Filesize
1KB

MD5
a08a28787cfaa30a9e6bc765cef2521d

SHA1
5376179bcb216dbb944421c295e4859fb4ad5844

SHA256
84d79735ed7e032b957dec6c47093961ebc294ecf158ddb4b40f1d8683d3ce4b

SHA512
6aaf1d7de6a560c6004086fb59bcb37a27bbe496823b3f488922faba3123cd066ec706e590f6b0f859bc3a476c077d320286d015e7ee39fc50f67d76d76f3cb1

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\bin\ForlornInject.dll

Filesize
923KB

MD5
f581c757f08283531fef757dd01a5882

SHA1
f3c1467f700252af8f100dbdf7dd7cdecf7e0c97

SHA256
aab18f35cfac4c70dd8e91f58e1610edf61bc057e83106afe3397b6103757f49

SHA512
f1cc3ff4c43916d1197b3a852949b8f6eef3dfa14b52aad5850fa0bd01d7c804f65c6002c88ac0c984074ad8b2a0c4c1a9b37b66e4085736c7a76a050c0857cb

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\bin\Version.txt

Filesize
5B

MD5
34e90de1478e8a54af7fd56d4a3a7102

SHA1
595d550379b2cb8bccb9659627308ff4e751d23f

SHA256
edc8e395a5182e3b231816e191b303407d511f70c1d9cb6d532927cc559c507c

SHA512
6f5d498adde960674138f8245346c23b7f7f0228ef1d4802f0dca54f570edb4260a3d5681e076d48a1e9a43ab8be1c504865ee381b99ce6caa03cb93bac1bc07

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\runtimes\win-x64\native\WebView2Loader.dll

Filesize
161KB

MD5
3fac859547077abafe806ff1e4709f47

SHA1
0366df220c5d224ee64a42c929574407d2e6d2c9

SHA256
f4d811cda483adb33220c5a856c5ec8dca3a095fde54b44f08e1279a6a5efd33

SHA512
9b7b7aabf6bdc11dfd74430336e02d7d2b96b6bbf352f1e2d158a4900bead364900820af56cf9af25366ff5704e2ffcc2458d45dc3efe00ebd0843d127ab7435

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\Downloads\SyxReBootstrap\SyxReBootstrap\SynXRemake\workspace\OrionTest\6035872082.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
memory/2780-1712-0x00007FF82D810000-0x00007FF82D811000-memory.dmp

Filesize
4KB

Download
memory/3716-1673-0x00000280EE330000-0x00000280EE49A000-memory.dmp

Filesize
1.4MB

Download
memory/3716-1678-0x00000280F0B20000-0x00000280F0B28000-memory.dmp

Filesize
32KB

Download
memory/3716-1688-0x00000280F4000000-0x00000280F4006000-memory.dmp

Filesize
24KB

Download
memory/3716-1677-0x00000280F0EA0000-0x00000280F0EB8000-memory.dmp

Filesize
96KB

Download
memory/3716-1680-0x00000280F0B30000-0x00000280F0B3E000-memory.dmp

Filesize
56KB

Download
memory/3716-1679-0x00000280F0F00000-0x00000280F0F38000-memory.dmp

Filesize
224KB

Download
memory/3716-1674-0x00000280F0960000-0x00000280F0AA0000-memory.dmp

Filesize
1.2MB

Download
memory/3716-1682-0x00000280F0FE0000-0x00000280F1074000-memory.dmp

Filesize
592KB

Download
memory/3716-5483-0x00000280F7050000-0x00000280F7102000-memory.dmp

Filesize
712KB

Download
memory/3812-229-0x0000015CF1720000-0x0000015CF1732000-memory.dmp

Filesize
72KB

Download
memory/3812-230-0x0000015CF16E0000-0x0000015CF16EA000-memory.dmp

Filesize
40KB

Download
memory/3812-225-0x0000015CF10F0000-0x0000015CF1112000-memory.dmp

Filesize
136KB

Download