Resubmissions
16/11/2024, 10:23  241116-me6v9stnbw  7
15/11/2024, 14:47  241115-r56emswbmb  3
15/11/2024, 14:47  241115-r5vm5swblf  3
12/08/2024, 08:35  240812-khf3xaxfka  3

Analysis
max time kernel: 126s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 16/11/2024, 10:23

Static task: static1
Behavioral task: behavioral1
Sample: SynapseXRemake.zip
Resource: win11-20241007-en

General
Target: SynapseXRemake.zip
Size: 12.8MB
MD5: 9420d0db0c22b59e656d2690cfcadab1
SHA1: f17047cd5cda626c6818b3435fd68a9afe21e07d
SHA256: e181ff062c833ba2578ab15cb925db381d40b30a79e2c14878d216cc77bae8ba
SHA512: 37faff42f8e504c6d31d16ac4d441a0f8a2d2653b28db1a45d37e09a9134c063140ee89fc7f2e8c9938362179c9ebf9d7df021cc7a09f6fcab0dbe9a1d18b0f3
SSDEEP: 196608:DtQuVcvSM9P8ZIiuaT1ZE5LQbTIznSN3nsEeRxXSul6mHx/ZMyWPo4xU6r9tSbwd:GumFZi3T7E54TILWsEeRxXSumFgwfjBz

Malware Config
Signatures

Executes dropped EXE (1 IoCs)
pid   Process
3404  SynapseRemake.exe

Loads dropped DLL (7 IoCs)
pid   Process
3404  SynapseRemake.exe
3404  SynapseRemake.exe
3404  SynapseRemake.exe
3404  SynapseRemake.exe
3404  SynapseRemake.exe
3404  SynapseRemake.exe
3404  SynapseRemake.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow  ioc
1     raw.githubusercontent.com
2     raw.githubusercontent.com

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  SynapseRemake.exe

System Network Configuration Discovery: Internet Connection Discovery (1 TTPs, 4 IoCs)
Adversaries may check for Internet connectivity on compromised systems.
pid   Process
4292  msedgewebview2.exe
1584  msedgewebview2.exe
1692  msedgewebview2.exe
4560  msedgewebview2.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedgewebview2.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedgewebview2.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
pid   Process
4784  msedgewebview2.exe
4784  msedgewebview2.exe
4560  msedgewebview2.exe
4560  msedgewebview2.exe
3404  SynapseRemake.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid   Process
4192  7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoCs)
pid   Process
796   msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description  pid  Process
Token: SeRestorePrivilege   4192  7zFM.exe
Token: 35                   4192  7zFM.exe
Token: SeSecurityPrivilege  4192  7zFM.exe
Token: SeDebugPrivilege     3404  SynapseRemake.exe

Suspicious use of FindShellTrayWindow (4 IoCs)
pid   Process
4192  7zFM.exe
4192  7zFM.exe
796   msedgewebview2.exe
796   msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SynapseXRemake.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1596

C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe
"C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3404

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3404.1216.3069915866558159254
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:796

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x114,0x7ffc83d13cb8,0x7ffc83d13cc8,0x7ffc83d13cd8
3⤵
PID:4768

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1844,15454949471262785355,1063159673819751888,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
3⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:4292

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,15454949471262785355,1063159673819751888,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2028 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4784

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,15454949471262785355,1063159673819751888,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2468 /prefetch:8
3⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:1584

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1844,15454949471262785355,1063159673819751888,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
3⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:1692

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,15454949471262785355,1063159673819751888,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView" --webview-exe-name=SynapseRemake.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4316 /prefetch:8
3⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SkipGrant.vbs"
1⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc83d13cb8,0x7ffc83d13cc8,0x7ffc83d13cd8
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:3
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
2⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
2⤵
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
2⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,17445124621193048398,4275505637514170392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD51fc959921446fa3ab5813f75ca4d0235
SHA10aeef3ba7ba2aa1f725fca09432d384b06995e2a
SHA2561b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
SHA512899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06
-
Filesize
152B
MD5e9a2c784e6d797d91d4b8612e14d51bd
SHA125e2b07c396ee82e4404af09424f747fc05f04c2
SHA25618ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
SHA512fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1
-
Filesize
5KB
MD51e7db34858614effce74379bbae89eff
SHA1549fb250865bd335227925dc4ce8568fe2faf2f7
SHA25634467b36f395d99897f6b8832bcbd1d7f61cbbf60e6493d730735920a67b00b3
SHA5127c363ca750a99e71e321d429b45fac7c1524e9cdef9e3736d1fd3d0cd18aecd737754602fd0acf6cfb0caa6554088e52aca84a206973fcc4aecb272a7521167f
-
Filesize
5KB
MD5d94e445867833b88c9ecb4b2b21a075e
SHA189f885b067ef74ddc58139cb40f1f7ef4c39f480
SHA256db3b9dcc81f0f096d09aa313984c33ba0fab777d159756266ff8fc84c99dc06d
SHA512ab935956666e36056c072648f954dec5b42f47da00275a608573129771476e3925324f8d082cb04367bb017cc88395274bedc5f7fe2d8ad70a7414def4799207
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d3074db238d3b70e45b0fbd496cf279a
SHA124b54e7fc605a41c68c1ee2e659441d1a1245942
SHA2569f7393f79c90c3aa226d7e564d6bb2020f7465e1cbb6c47955878aeff136c9d9
SHA512b4609b096a5e17516cf8c7d050275bbfe35e27f57df20abf3707a5e532b69e5e3237b73174b9ef6246d3f4aa1a00a04c18378bc83bf00e28e693d9c4f388b1da
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2
Filesize8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\GPUCache\data_0
Filesize8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\GPUCache\data_1
Filesize264KB
MD5a4f89b3a044ca4945d1ece58043941ac
SHA1fa1270a85ff67267f955a7882b9339594a7c5454
SHA2566aded5168b601d1bd6e9bf2701c3c989145dc951431ab52ea4e1f23053a25bdb
SHA512634fe6a81cedec6d8ee6fd8f8e61dc387189457fadb93eba13c4ce147332a9794a3cebded6b5917b1331f578a971d763a6cf9198c2404b50798063756c0d9c9f
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\GPUCache\data_3
Filesize8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Temp\7zE06089337\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
Filesize
7B
MD5260ca9dd8a4577fc00b7bd5810298076
SHA153a5687cb26dc41f2ab4033e97e13adefd3740d6
SHA256aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
SHA51251e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
-
Filesize
22KB
MD57514aef4256e2e281de29314b8326710
SHA149efbd1b42b993d242d35a73ab34999cd34fd30d
SHA256539b76176930637d6bd027dfca3ce7fe6325e22af74553a351bb5e8177e9f4f5
SHA512278efca59fa4cab4b54c81ca8cb6179fa1584059a5edda601cdc20c4a5d96d9d2c3d0a2442fab86fe6a694385001de374d6ac50f26fe778b333a293aa23c447b
-
Filesize
557KB
MD5b037ca44fd19b8eedb6d5b9de3e48469
SHA11f328389c62cf673b3de97e1869c139d2543494e
SHA25611e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
SHA512fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
-
Filesize
50KB
MD5e107c88a6fc54cc3ceb4d85768374074
SHA1a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6
SHA2568f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8
SHA512b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe
-
Filesize
59KB
MD5966f786c87c250b9c65c3f18c70c9223
SHA19019ea451914102bcd6033c7b0c15f8e9ab7321f
SHA25696bff6ca1516e84dc5ad5c8936cc27a25c681397e4b1b3526d181a92e53033cc
SHA51289ee9c545c2ed75e90f0424c89aab68301c4a74099e44d9f496b467f7b8f74bb9795b6c1f64a9a19bc485c6256b818bbfa647ca4e268539b6a1a57d323433466
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.fingerprint
Filesize66B
MD533fc4bf1927352bc1845acdde3a6ba63
SHA163ac2f004ac10198e729e9ccf55f6ac4f7f3c622
SHA2564ed04e713c9d8f5d80e83645b62f1be84ec0516d37f339b3d443d8f792dea113
SHA5127e38e264713750baf58dd9ad779885a7aae5a6fcb825eaa44b3cf814dd09cd0bf8f95b5ab5db600d19a64b02ec2155b4c9a3bc2a86e9b18eece8b3100e8c2ff1
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.json
Filesize113B
MD5b6911958067e8d96526537faed1bb9ef
SHA1a47b5be4fe5bc13948f891d8f92917e3a11ebb6e
SHA256341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648
SHA51262802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\CrashpadMetrics-active.pma
Filesize16KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize20B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize48B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index
Filesize48B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG
Filesize409B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG.old
Filesize412B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize299B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Network Persistent State~RFe58def1.TMP
Filesize59B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize6KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize6KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Site Characteristics Database\000003.log
Filesize688B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG
Filesize428B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG.old
Filesize428B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000003.log
Filesize46B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG
Filesize404B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG.old
Filesize404B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize16B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.fingerprint
Filesize66B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.json
Filesize43B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\Microsoft.CognitiveServices.Speech.core.dll
Filesize2.6MB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.fingerprint
Filesize66B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.json
Filesize76B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir796_539031220\LICENSE
Filesize24KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\manifest.fingerprint
Filesize66B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\manifest.json
Filesize116B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising
Filesize24KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics
Filesize4KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content
Filesize6KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining
Filesize1KB
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\manifest.fingerprint
Filesize66B
-
C:\Users\Admin\Desktop\SynapseXRemake\SynapseRemake.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\manifest.json
Filesize132B